
Solved Hijack.TaskManager, TDSSConf-A, Security 2012

Discussion in 'Malware and Virus Removal Archive' started by wisserd, 2011/12/20.

  1. 2011/12/20
    wisserd Well-Known Member Thread Starter

    [Resolved] Hijack.TaskManager, TDSSConf-A, Security 2012

    It started when Webroot popped up with Hijack.TaskManager and I clicked block it; sometime, somehow before that, system fix was installed on the desktop. Then Mal/TDSSConf-A came up and I clicked block it. I then ran mbam and it found Hijack.TaskManager. Ran mbam every so often and it found other things; I have the logs if you want them.

    I was on your web site when XP Security 2012 malware started running. Desktop went blank. Rebooted to safe mode, went back to your site, found the cure. Ran FixNCR.reg, RKill, TDSSKiller. Went back to normal boot.

    From boot to desktop load takes 14 min. and another 8 min. before programs start working.

    Tried to run Webroot antivirus but it says it keeps disconnecting from the engine.

    Cannot get GMER to run. I get - Load Driver ("c:\Documt~1\Admini~1\locals~1\temp\fgtdypow.ss") error 0xc000010E: Cannot create a stable subkey under a volatile parent key.


    -------------------------------
    Database version: 8394

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    12/19/2011 9:12:43 PM
    mbam-log-2011-12-19 (21-12-43).txt

    Scan type: Quick scan
    Objects scanned: 185907
    Time elapsed: 8 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-19 21:26:54
    -----------------------------
    21:26:54.906 OS Version: Windows 5.1.2600 Service Pack 2
    21:26:54.906 Number of processors: 1 586 0x801
    21:26:54.906 ComputerName: ZAR UserName:
    21:27:00.296 Initialze error C000010E - driver not loaded
    21:27:15.625 AVAST engine download error: 0
    21:27:55.937 Service scanning
    21:27:57.031 Service SASENUM C:\WINDOWS\D:\PROGRA~1\SCANNE~1\SUUPER~1\SASENUM.SYS **LOCKED** 123
    21:27:57.031 Service SASKUTIL C:\WINDOWS\D:\PROGRA~1\SCANNE~1\SUUPER~1\SASKUTIL.SYS **LOCKED** 123
    21:27:57.078 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    21:27:57.687 Modules scanning
    21:27:57.703 Disk 0 trace - called modules:
    21:27:57.718
    21:27:57.734 Scan finished successfully
    21:28:17.265 The log file has been saved successfully to "C:\Documents and Settings\Wizard\Desktop\aswMBR.txt "


    ----------------------

    DDS (Ver_2011-08-26.01) - FAT32x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Run by Wizard at 21:29:01 on 2011-12-19
    .
    ============== Running Processes ===============
    .
    d:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    d:\Program Files\IObit\IObit Security 360\IS360srv.exe
    D:\Program Files\Java\bin\jqs.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    d:\Program Files\Secunia\PSI\sua.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    D:\PROGRA~1\VCOM\MXTask.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    D:\PROGRA~1\VCOM\mxtask.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ywerrtyerw.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\alg.exe
    d:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\VCOM\PowerDesk\pdexplo.exe
    D:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    d:\Program Files\Webroot\WebrootSecurity\SSU.EXE
    C:\Documents and Settings\Wizard\Desktop\dds.scr
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Search_URL =
    mWindow Title =
    uInternet Settings,ProxyOverride = <local>;*.local;192.168.*.*
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\scanne~1\spybot~1\SDHelper.dll
    BHO: Webroot Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Webroot Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe "
    uRun: [P2kAutostart] V49E
    mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] "nwiz.exe" /install
    mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Lexmark X74-X75] "c:\program files\lexmark x74-x75\lxbbbmgr.exe "
    mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SpySweeper] "d:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
    dRunOnce: [RunNarrator] Narrator.exe
    mExplorerRun: [DarkPlus] c:\docume~1\admini~1\locals~1\temp\ywerrtyerw.exe
    uPolicies-explorer: EditLevel = 0 (0x0)
    uPolicies-explorer: NoCommonGroups = 0 (0x0)
    IE:
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: Backward &Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: Copy to &Lightning Note - d:\program files\corel\wordperfect lightning\programs\WPLightningCopyToNote.hta
    IE: Si&milar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\scanne~1\spybot~1\SDHelper.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A171AA41-81EA-4B7A-B1E9-EE2DA907DEFC} : NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{A171AA41-81EA-4B7A-B1E9-EE2DA907DEFC} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B84F631D-2741-463A-9DC7-8C6A74A6C3AB} : DhcpNameServer = 208.67.220.220,208.67.222.222
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: HookRC Class: {a5780613-492e-4a2a-a7fd-549610edf6cc} - d:\program files\vcom\recovery commander\RCHOOK.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\scanners cleaners\suuperantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\wizard\application data\mozilla\firefox\profiles\b31ksli6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.theblaze.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\wizard\application data\mozilla\firefox\profiles\b31ksli6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\wizard\application data\mozilla\firefox\profiles\b31ksli6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\wizard\application data\mozilla\firefox\profiles\b31ksli6.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\wizard\application data\mozilla\firefox\profiles\b31ksli6.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: d:\program files\adobe\reader 10.0\reader\browser\nppdf32.dll
    FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
    FF - plugin: d:\program files\java\bin\new_plugin\npdeployJava1.dll
    FF - plugin: d:\program files\java\bin\new_plugin\npjp2.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npdrmv2.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npdsplay.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\nppdf32.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\nppl3260.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npqtplugin.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npqtplugin2.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npqtplugin3.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npqtplugin4.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npqtplugin5.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npqtplugin6.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npqtplugin7.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\nprjplug.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\nprpjplug.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npwmsdrm.dll
    FF - plugin: d:\program files\netscape6\nppl3260.dll
    FF - plugin: d:\program files\netscape6\nprjplug.dll
    FF - plugin: d:\program files\netscape6\nprpjplug.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.proxy.type - 0
    FF - user.js: network.proxy.http -
    user_pref(network.proxy.http_port,);
    FF - user.js: network.proxy.no_proxies_on -
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R? ASEService;Aluria Spyware Eliminator Service
    R? AVG Anti-Spyware Driver;AVG Anti-Spyware Driver
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? FileDeleter;ZeroSpyware FileDeleter
    R? IKFileSec;File Security Driver
    R? motccgp;Motorola USB Composite Device Driver
    R? motccgpfl;MotCcgpFlService
    R? MotDev;Motorola Inc. USB Device
    R? motport;Motorola USB Diagnostic Port
    R? PSI;PSI
    R? SASENUM;SASENUM
    R? SASKUTIL;SASKUTIL
    R? sdAuxService;PC Tools Auxiliary Service
    R? sdCoreService;PC Tools Security Service
    R? Secunia PSI Agent;Secunia PSI Agent
    R? SmartDefragDriver;SmartDefragDriver
    R? SNDP202;Bushnell ImageView
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    S? BsStor;InCD Storage Helper Driver
    S? BsUDF;InCD UDF Driver
    S? IKSysFlt;System Filter Driver
    S? IKSysSec;System Security Driver
    S? IS360service;IS360service
    S? MotoHelper;MotoHelper Service
    S? SASDIFSV;SASDIFSV
    S? Secunia Update Agent;Secunia Update Agent
    S? ssfs0bbc;ssfs0bbc
    S? viasraid;viasraid
    S? WebrootSpySweeperService;Webroot Spy Sweeper Engine
    S? WRConsumerService;Webroot Client Service
    .
    =============== Created Last 30 ================
    .
    2011-12-19 04:59:44 -------- d-sh--w- C:\FOUND.001
    2011-12-18 19:20:12 -------- d-sh--w- C:\FOUND.000
    2011-12-17 22:38:00 353536 ---ha-w- c:\documents and settings\all users\application data\4YDicJjccpVKPl.exe
    2011-12-06 00:40:03 -------- d--h--w- c:\documents and settings\wizard\application data\FreeFileViewer
    2011-12-06 00:10:22 -------- d--h--w- c:\program files\File Type Assistant
    2011-12-06 00:08:27 -------- d--h--w- c:\program files\FreeFileViewer
    2011-12-04 03:54:37 544768 ---ha-w- c:\windows\system32\wbocx.ocx
    2011-12-04 03:54:36 56496 ---ha-w- c:\windows\system32\wbhelp2.dll
    2011-12-04 03:54:35 1706800 ---ha-w- c:\windows\system32\gdiplus.dll
    2011-12-04 03:54:34 33968 ---ha-w- c:\windows\system32\anim.dll
    .
    ==================== Find3M ====================
    .
    2011-11-24 03:55:42 10 ---ha-w- c:\windows\evypaths.bin
    2011-11-13 23:20:44 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 21:36:57.42 ===============
    --------------------------------

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/8/2004 4:38:13 PM
    System Uptime: 12/19/2011 6:48:30 PM (3 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | A7V600-X
    Processor: AMD Athlon(TM) MP 1600+ | SOCKET A | 1749/166mhz
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Installed Programs ======================
    .
    .
    7-Zip 2.30 Beta 25
    Abacast Client
    AbsolutePoker NET
    Adobe AIR
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player 11.6
    Adobe SVG Viewer 3.0
    Advanced SystemCare 3
    AirBlast
    Anki
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Arcanum
    ArcSoft Camera Studio
    Ask Toolbar
    ASUSUpdate
    Baldur's Gate II - Shadows of Amn Collectors CD
    Baldur's Gate(TM) II - Throne of Bhaal (TM)
    BitLord 1.1
    Bonjour
    Bonjour Print Services
    Bushnell ImageView
    CCleaner
    Clean Disk Security 7.9
    Corel WordPerfect Suite 8
    Creative MediaSource
    Creative MuVo NX-TX
    Creative System Information
    CT Attrib Lite
    Data Lifeguard Tools
    Disk Investigator 1.6
    Disk Space Fan 1.4.3.1
    DiskMax 4.56
    DivX
    DivX Player
    DriverAgent Plugin for Netscape by TouchStone Software
    Evidence-Blaster 2009
    Fallout 3
    FaxTools
    File Properties Changer
    File Type Assistant
    FileHippo.com Update Checker
    Free File Viewer 2011
    Free Natural Text to Speech Reader 2007
    FreeApps
    FreshDiagnose
    Game Booster
    GameSpy Arcade
    GemBox.Spreadsheet Free 2.7
    GetDiz 3.0
    Gimp 2.6.2 Debug
    Hide IP Platinum 2.5
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    IIS 6.0 Resource Kit Tools
    IIS6 Manager
    InCD (Ahead Software)
    InCD EasyWrite Reader (Ahead Software)
    Intel RSX 3D
    IObit Security 360
    IrfanView (remove only)
    iTunes
    Java(TM) 6 Update 24
    Kaspersky Online Scanner
    Lexmark X74-X75
    Logitech Desktop Messenger
    Logitech MouseWare 9.79
    Logitech Resource Center
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Bootvis
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Access database engine 2007 (English)
    Microsoft PowerPoint Viewer 97
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Moffsoft FreeCalc
    MotoHelper 2.0.53 Driver 5.2.0
    MotoHelper MergeModules
    Motorola Mobile Drivers Installation 5.2.0
    Mozilla Firefox (3.6.15)
    Mozilla Firefox 4.0 (x86 en-US)
    Mozilla Firefox 4.0b6 (x86 en-US)
    MSN Gaming Zone
    MSN Music Assistant
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    MuVo Driver
    Nero
    Netscape Navigator (9.0.0.5)
    NVIDIA Drivers
    Opera 11.11
    PhotoSuite 4 (Remove Only)
    PowerDesk 5.0
    QuickTime
    RealUpgrade 1.0
    Recovery Commander
    Renamer (remove only)
    Reverse Phone Search Tool
    Revo Uninstaller 1.92
    Rhapsody Player Engine
    Safari
    Secunia PSI (2.0.0.3001)
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    SIW version 2010.07.14
    Sky Fight
    Smart Defrag 2
    Spy Sweeper Core
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SpywareBlaster 4.4
    Star Wars®: Knights of the Old Republic (TM)
    SUPERAntiSpyware Free Edition
    Swat It v2.1
    swMSM
    System Requirements Lab
    The Off By One Web Browser
    Tom Clancy's Rainbow Six 3: Raven Shield
    Total Commander (Remove or Repair)
    Tracks Eraser Pro v5.7
    TwistedBrush Free Edition
    Unlocker 1.8.5
    UOGateway
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Useful File Utilities (remove only)
    VCOM SystemSuite 5
    VIA Integrated Setup Wizard
    Webroot Internet Security Essentials
    Winamp
    Windows Genuine Advantage v1.3.0254.0
    Windows Media Format 11 runtime
    WinRAR archiver
    WinUtilities 10.38 Free Edition
    Wizard101
    WordPerfect Lightning
    WordPerfect Lightning - MSOM
    ZeroSpyware Limited Edition
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/19/2011 7:10:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    12/19/2011 7:10:27 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/19/2011 7:03:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    12/19/2011 7:03:47 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/18/2011 8:35:24 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 AVG Anti-Spyware Driver Fips IKFileSec SASDIFSV SASKUTIL
    12/18/2011 4:49:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 AVG Anti-Spyware Driver Fips IKFileSec IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip uagp35
    12/18/2011 12:34:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    12/18/2011 11:40:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVG Anti-Spyware Driver IKFileSec SASKUTIL uagp35
    12/17/2011 7:40:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    12/17/2011 7:32:30 PM, error: SRService [104] - The System Restore initialization process failed.
    12/17/2011 7:32:30 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
    12/17/2011 7:31:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 AVG Anti-Spyware Driver Fips IKFileSec IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    12/17/2011 7:31:50 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    12/17/2011 7:31:50 PM, error: Service Control Manager [7001] - The Simple TCP/IP Services service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    12/17/2011 7:31:50 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/17/2011 7:31:50 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/17/2011 7:31:50 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
    12/17/2011 7:31:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/17/2011 6:56:28 PM, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
    12/17/2011 6:27:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    12/17/2011 6:27:57 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/17/2011 6:22:06 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    12/17/2011 6:21:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVG Anti-Spyware Driver IKFileSec SASKUTIL
    12/17/2011 6:21:36 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
    12/17/2011 6:21:36 PM, error: Service Control Manager [7022] - The Distributed Link Tracking Client service hung on starting.
    12/17/2011 6:13:00 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    12/17/2011 6:12:50 PM, error: Print [23] - Printer Corel Barista failed to initialize because a suitable Corel Barista driver could not be found.
    12/17/2011 4:45:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    .
    ==== End Of File ===========================
     
  2. 2011/12/20
    wisserd Well-Known Member Thread Starter

    23:53:10.0593 1840 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
    23:53:11.0031 1840 ============================================================
    23:53:11.0031 1840 Current date / time: 2011/12/18 23:53:11.0031
    23:53:11.0031 1840 SystemInfo:
    23:53:11.0031 1840
    23:53:11.0031 1840 OS Version: 5.1.2600 ServicePack: 2.0
    23:53:11.0031 1840 Product type: Workstation
    23:53:11.0031 1840 ComputerName: ZAR
    23:53:11.0031 1840 UserName: Administrator
    23:53:11.0031 1840 Windows directory: C:\WINDOWS
    23:53:11.0031 1840 System windows directory: C:\WINDOWS
    23:53:11.0031 1840 Processor architecture: Intel x86
    23:53:11.0031 1840 Number of processors: 1
    23:53:11.0031 1840 Page size: 0x1000
    23:53:11.0031 1840 Boot type: Safe boot with network
    23:53:11.0031 1840 ============================================================
    23:53:13.0968 1840 Initialize success
    23:53:18.0515 1464 ============================================================
    23:53:18.0515 1464 Scan started
    23:53:18.0515 1464 Mode: Manual;
    23:53:18.0515 1464 ============================================================
    23:54:07.0062 1464 Abiosdsk - ok
    23:54:07.0203 1464 abp480n5 - ok
    23:54:07.0312 1464 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    23:54:07.0312 1464 ACPI - ok
    23:54:07.0437 1464 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    23:54:07.0437 1464 ACPIEC - ok
    23:54:07.0562 1464 adpu160m - ok
    23:54:07.0656 1464 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
    23:54:07.0656 1464 aeaudio - ok
    23:54:07.0718 1464 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
    23:54:07.0718 1464 aec - ok
    23:54:07.0796 1464 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
    23:54:07.0796 1464 AFD - ok
    23:54:07.0937 1464 Aha154x - ok
    23:54:08.0062 1464 aic78u2 - ok
    23:54:08.0203 1464 aic78xx - ok
    23:54:08.0359 1464 AliIde - ok
    23:54:08.0484 1464 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
    23:54:08.0484 1464 AmdK7 - ok
    23:54:08.0609 1464 amsint - ok
    23:54:08.0781 1464 asc - ok
    23:54:08.0906 1464 asc3350p - ok
    23:54:09.0046 1464 asc3550 - ok
    23:54:09.0265 1464 ASUSHWIO - ok
    23:54:09.0328 1464 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    23:54:09.0328 1464 AsyncMac - ok
    23:54:09.0375 1464 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    23:54:09.0375 1464 atapi - ok
    23:54:09.0484 1464 Atdisk - ok
    23:54:09.0546 1464 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    23:54:09.0562 1464 Atmarpc - ok
    23:54:09.0656 1464 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    23:54:09.0656 1464 audstub - ok
    23:54:09.0812 1464 AVG Anti-Spyware Driver - ok
    23:54:09.0937 1464 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    23:54:09.0937 1464 Beep - ok
    23:54:10.0109 1464 BsStor (d6d0f3860f022a12e888965f8237cbd9) C:\WINDOWS\system32\DRIVERS\bsstor.sys
    23:54:10.0109 1464 BsStor - ok
    23:54:30.0968 1464 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
    23:54:30.0968 1464 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
    23:54:30.0968 1464 sptd ( LockedFile.Multi.Generic ) - warning
    23:54:30.0968 1464 sptd - detected LockedFile.Multi.Generic (1)
    23:54:36.0171 1464 MBR (0x1B8) (d46d66c95f9177502c4f4520a9732f5f) \Device\Harddisk0\DR0
    23:54:36.0171 1464 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
    23:54:36.0171 1464 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
    23:54:38.0062 1464 ============================================================
    23:54:38.0062 1464 Scan finished
    23:54:38.0062 1464 ============================================================
    23:54:38.0156 1080 Detected object count: 2
    23:54:38.0156 1080 Actual detected object count: 2
    23:56:45.0296 1080 sptd ( LockedFile.Multi.Generic ) - skipped by user
    23:56:45.0296 1080 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    23:56:45.0359 1080 \Device\Harddisk0\DR0 - processing error
    23:57:06.0093 1080 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
    23:57:33.0703 1820 Deinitialize success


    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 12/19/2011 at 0:29:40.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 12/19/2011 at 0:31:11.
     

  4. 2011/12/20
    broni Moderator Malware Analyst
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a black screen with some data on it.
    • Right-click on the screen and click Select All.
    • Press CTRL+C.
    • Open Notepad and press CTRL+V.
    • Post the output back here.
     
  5. 2011/12/20
    wisserd Well-Known Member Thread Starter
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

    Size     Device Name          MBR Status
    --------------------------------------------
    74 GB    \\.\PhysicalDrive0   Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  6. 2011/12/20
    broni Moderator Malware Analyst
    Download FixTDSS.exe.

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore (see "How to turn off or turn on Windows XP System Restore").
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
    If you are running Windows XP, re-enable System Restore.

    Post a new Bootkit Remover log as well.
     
  7. 2011/12/20
    wisserd Well-Known Member Thread Starter
    Found this on desktop when closing windows

    .\debug.cpp(238) : Debug log started at 21.12.2011 - 03:25:59
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0xf88b6000 0x0000a000 "\SystemRoot\System32\DRIVERS\termdd.sys "
    .\debug.cpp(256) : 0xf8a26000 0x00006000 "\SystemRoot\System32\DRIVERS\mouclass.sys "
    .\debug.cpp(256) : 0xf8c44000 0x00002000 "\SystemRoot\System32\DRIVERS\swenum.sys "
    .\debug.cpp(256) : 0xf7db6000 0x00034000 "\SystemRoot\System32\DRIVERS\update.sys "
    .\debug.cpp(256) : 0xf8c1e000 0x00004000 "\SystemRoot\System32\DRIVERS\mssmbios.sys "
    .\debug.cpp(256) : 0xf88c6000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS "
    .\debug.cpp(256) : 0xf88d6000 0x0000f000 "\SystemRoot\System32\DRIVERS\usbhub.sys "
    .\debug.cpp(256) : 0xf8a2e000 0x00005000 "\SystemRoot\System32\DRIVERS\flpydisk.sys "
    .\debug.cpp(256) : 0xf6c7a000 0x00014000 "\SystemRoot\system32\drivers\iksysflt.sys "
    .\debug.cpp(256) : 0xf88f6000 0x0000e000 "\SystemRoot\system32\drivers\KCOM.SYS "
    .\debug.cpp(256) : 0xf6c63000 0x00017000 "\SystemRoot\system32\drivers\iksyssec.sys "
    .\debug.cpp(256) : 0xf8906000 0x0000e000 "\SystemRoot\system32\drivers\ikfilesec.SYS "
    .\debug.cpp(256) : 0xf8c46000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS "
    .\debug.cpp(256) : 0xf8d13000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS "
    .\debug.cpp(256) : 0xf8c48000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS "
    .\debug.cpp(256) : 0xf8a46000 0x00006000 "\SystemRoot\System32\drivers\vga.sys "
    .\debug.cpp(256) : 0xf8c4a000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS "
    .\debug.cpp(256) : 0xf8c4c000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys "
    .\debug.cpp(256) : 0xf8a4e000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS "
    .\debug.cpp(256) : 0xf8a56000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS "
    .\debug.cpp(256) : 0xf842b000 0x00003000 "\SystemRoot\System32\DRIVERS\rasacd.sys "
    .\debug.cpp(256) : 0xf6c30000 0x00013000 "\SystemRoot\System32\DRIVERS\ipsec.sys "
    .\debug.cpp(256) : 0xf6bd8000 0x00058000 "\SystemRoot\System32\DRIVERS\tcpip.sys "
    .\debug.cpp(256) : 0xf6bb0000 0x00028000 "\SystemRoot\System32\DRIVERS\netbt.sys "
    .\debug.cpp(256) : 0xf6b8e000 0x00022000 "\SystemRoot\System32\drivers\afd.sys "
    .\debug.cpp(256) : 0xf8916000 0x00009000 "\SystemRoot\System32\DRIVERS\netbios.sys "
    .\debug.cpp(256) : 0xf6a61000 0x0008d000 "\SystemRoot\System32\Drivers\Ntfs.SYS "
    .\debug.cpp(256) : 0xf8a5e000 0x00007000 "\??\D:\Program Files\scanners cleaners\suuperantispyware\SASDIFSV.SYS "
    .\debug.cpp(256) : 0xf6a40000 0x00021000 "\SystemRoot\System32\DRIVERS\ipnat.sys "
    .\debug.cpp(256) : 0xf8936000 0x00009000 "\SystemRoot\System32\DRIVERS\wanarp.sys "
    .\debug.cpp(256) : 0xf69e0000 0x00038000 "\SystemRoot\System32\Drivers\agkyt1bi.SYS "
    .\debug.cpp(256) : 0xf69b5000 0x0002b000 "\SystemRoot\System32\DRIVERS\rdbss.sys "
    .\debug.cpp(256) : 0xf6946000 0x0006f000 "\SystemRoot\System32\DRIVERS\mrxsmb.sys "
    .\debug.cpp(256) : 0xf8946000 0x00009000 "\SystemRoot\System32\Drivers\Fips.SYS "
    .\debug.cpp(256) : 0xf8966000 0x00009000 "\SystemRoot\System32\Drivers\LHidUsb.Sys "
    .\debug.cpp(256) : 0xf8976000 0x00009000 "\SystemRoot\System32\Drivers\HIDCLASS.SYS "
    .\debug.cpp(256) : 0xf8ace000 0x00007000 "\SystemRoot\System32\Drivers\HIDPARSE.SYS "
    .\debug.cpp(256) : 0xf8ad6000 0x00006000 "\SystemRoot\system32\DRIVERS\LHidFlt2.Sys "
    .\debug.cpp(256) : 0xf7dfa000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys "
    .\debug.cpp(256) : 0xf8986000 0x00010000 "\SystemRoot\system32\DRIVERS\LMouFlt2.Sys "
    .\debug.cpp(256) : 0xf8996000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS "
    .\debug.cpp(256) : 0xbf800000 0x001c4000 "\SystemRoot\System32\win32k.sys "
    .\debug.cpp(256) : 0xf7dee000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys "
    .\debug.cpp(256) : 0xf8ade000 0x00005000 "\SystemRoot\System32\watchdog.sys "
    .\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys "
    .\debug.cpp(256) : 0xf8e76000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys "
    .\debug.cpp(256) : 0xbf012000 0x00452000 "\SystemRoot\System32\nv4_disp.dll "
    .\debug.cpp(256) : 0xb9589000 0x0006e000 "\SystemRoot\System32\Drivers\BsUDF.SYS "
    .\debug.cpp(256) : 0xb9578000 0x00011000 "\SystemRoot\System32\Drivers\Udfs.SYS "
    .\debug.cpp(256) : 0xf8c68000 0x00002000 "\SystemRoot\SYSTEM32\Drivers\wg3n.sys "
    .\debug.cpp(256) : 0xb8943000 0x0002c000 "\SystemRoot\System32\DRIVERS\mrxdav.sys "
    .\debug.cpp(256) : 0xf8c7a000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS "
    .\debug.cpp(256) : 0xb8841000 0x00012000 "\??\C:\WINDOWS\system32\drivers\PfModNT.sys "
    .\debug.cpp(256) : 0xb8a07000 0x0000a000 "\SystemRoot\System32\DRIVERS\secdrv.sys "
    .\debug.cpp(256) : 0xb850c000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys "
    .\debug.cpp(256) : 0xb86d1000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys "
    .\debug.cpp(256) : 0xb7738000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys "
    .\debug.cpp(256) : 0xb6048000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys "
    .\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\System32\ntdll.dll "
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureF0E2F0E2OffsetCD1584800Length5CFF3B800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS "
    .\debug.cpp(400) : Destination "\Device\Ndis "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3: "
    .\debug.cpp(400) : Destination "\Device\Scsi\agkyt1bi1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1 "
    .\debug.cpp(400) : Destination "\Device\Video0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomCD-R#RW_CW099D_CD-R#RW__________________13SM____#5&1e37d5f0&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-18 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\8295B628-0000-0000-43F0-000000000000 "
    .\debug.cpp(400) : Destination "\Device\8295B628-0000-0000-43F0-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#4&10c7922&0#{97f76ef0-f883-11d0-af1f-0000f800845c} "
    .\debug.cpp(400) : Destination "\Device\0000006c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_80ED1043&REV_81#3&61aaa01&0&83#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2 "
    .\debug.cpp(400) : Destination "\Device\Video1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000042 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon "
    .\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000051 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature380BB116Offset6AD8E3C00Length2DCF1B000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip "
    .\debug.cpp(400) : Destination "\Device\Ip "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_810D1043&REV_60#3&61aaa01&0&8D#{65e8773d-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BsUDF.SYS "
    .\debug.cpp(400) : Destination "\BsUDF "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3 "
    .\debug.cpp(400) : Destination "\Device\Video2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature380BB116Offset2EE1B7200Length3BF724C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev "
    .\debug.cpp(400) : Destination "\Device\IPSEC "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4 "
    .\debug.cpp(400) : Destination "\Device\Video3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_80ED1043&REV_81#3&61aaa01&0&80#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000041 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\8A57C238-0000-0000-A410-000000000000 "
    .\debug.cpp(400) : Destination "\Device\8A57C238-0000-0000-A410-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY "
    .\debug.cpp(400) : Destination "\Device\NDProxy "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\80570628-0000-0000-6250-000000000000 "
    .\debug.cpp(400) : Destination "\Device\80570628-0000-0000-6250-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5 "
    .\debug.cpp(400) : Destination "\Device\Video4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0 "
    .\debug.cpp(400) : Destination "\Device\Tun0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP "
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#IMAGE#0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f} "
    .\debug.cpp(400) : Destination "\Device\00000005 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1 "
    .\debug.cpp(400) : Destination "\Device\ParallelVdm0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr "
    .\debug.cpp(400) : Destination "\Device\RdpDrDvMgr "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BsStor "
    .\debug.cpp(400) : Destination "\Device\BsStor "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E82A3CD6-0914-4D3A-8AE2-9020E766B448} "
    .\debug.cpp(400) : Destination "\Device\{E82A3CD6-0914-4D3A-8AE2-9020E766B448} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\F: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice "
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\8A970628-0000-0000-9350-000000000000 "
    .\debug.cpp(400) : Destination "\Device\8A970628-0000-0000-9350-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e6899-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1 "
    .\debug.cpp(400) : Destination "\Device\Serial0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_6_Model_8#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0} "
    .\debug.cpp(400) : Destination "\Device\00000050 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_WJGTAPK&Prod_KHIFSLI7CH2&Rev_1.03#5&36e5972&0&000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Scsi\agkyt1bi1Port3Path0Target0Lun0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomCD-R#RW_CW099D_CD-R#RW__________________13SM____#5&1e37d5f0&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-18 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LHidfltr "
    .\debug.cpp(400) : Destination "\Device\LHidfltr "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e6895-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6F5BEAB8-071A-48CF-BA30-082E8B3EE5CD} "
    .\debug.cpp(400) : Destination "\Device\{6F5BEAB8-071A-48CF-BA30-082E8B3EE5CD} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE "
    .\debug.cpp(400) : Destination "\Device\NamedPipe "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\02027138-0000-0000-4610-000000000000 "
    .\debug.cpp(400) : Destination "\Device\02027138-0000-0000-4610-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3 "
    .\debug.cpp(400) : Destination "\Device\00000047 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\03432238-0000-0000-B410-000000000000 "
    .\debug.cpp(400) : Destination "\Device\03432238-0000-0000-B410-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80#3&61aaa01&0&78#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\G: "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c016#6&579885d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030} "
    .\debug.cpp(400) : Destination "\Device\00000080 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC "
    .\debug.cpp(400) : Destination "\Device\Mup "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched "
    .\debug.cpp(400) : Destination "\Device\PSched "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PfModNT "
    .\debug.cpp(400) : Destination "\Device\PfModNT "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomCD-R#RW_CW099D_CD-R#RW__________________13SM____#5&1e37d5f0&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-18 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT "
    .\debug.cpp(400) : Destination "\Device\IPNAT "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPB02F#4&10c7922&0#{cae56030-684a-11d0-d6f6-00a0c90f57da} "
    .\debug.cpp(400) : Destination "\Device\0000006f "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{828FE58E-1572-443F-8DF6-08889EC18CC3} "
    .\debug.cpp(400) : Destination "\Device\{828FE58E-1572-443F-8DF6-08889EC18CC3} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice "
    .\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomLITEON_CD-ROM_LTN526D___________________9S03____#5&1e37d5f0&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T1L0-20 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TCP "
    .\debug.cpp(400) : Destination "\Device\Tcp "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{23F08B98-68EE-4E99-A8F9-159CC76219F6} "
    .\debug.cpp(400) : Destination "\Device\{23F08B98-68EE-4E99-A8F9-159CC76219F6} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg "
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_810D1043&REV_60#3&61aaa01&0&8D#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ec4-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BsUDF "
    .\debug.cpp(400) : Destination "\BsUDF "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD "
    .\debug.cpp(400) : Destination "\Device\VideoPdo0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e6897-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&13f2badf&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000046 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1af31ff6-00db-11e0-b74f-00112f09f58a} "
    .\debug.cpp(400) : Destination "\Device\Floppy0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SSIDRV "
    .\debug.cpp(400) : Destination "\Device\SSIDRV "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\89DC9628-0000-0000-D2F0-000000000000 "
    .\debug.cpp(400) : Destination "\Device\89DC9628-0000-0000-D2F0-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN "
    .\debug.cpp(400) : Destination "\DosDevices\LPT1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0 "
    .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000045 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\0D3E5338-0000-0000-A410-000000000000 "
    .\debug.cpp(400) : Destination "\Device\0D3E5338-0000-0000-A410-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\H: "
    .\debug.cpp(400) : Destination "\Device\CdRom1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio "
    .\debug.cpp(400) : Destination "\Device\sysaudio "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1 "
    .\debug.cpp(400) : Destination "\Device\Harddisk1\DR1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap "
    .\debug.cpp(400) : Destination "\Device\FsWrap "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000044 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0 "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\872AD628-0000-0000-7CD0-000000000000 "
    .\debug.cpp(400) : Destination "\Device\872AD628-0000-0000-7CD0-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c016#6&579885d&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000080 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DsdaFilterStub "
    .\debug.cpp(400) : Destination "\Device\DsdaFilterStub "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1 "
    .\debug.cpp(400) : Destination "\Device\CdRom1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&29ae02ea&1&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\FloppyPDO0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global "
    .\debug.cpp(400) : Destination "\GLOBAL?? "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c016#6&579885d&0&0000#{43d6457f-4611-4825-add7-0369b77cc43c} "
    .\debug.cpp(400) : Destination "\Device\00000080 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom2 "
    .\debug.cpp(400) : Destination "\Device\CdRom2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0171&SUBSYS_00000000&REV_A3#4&1feb96e4&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000054 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\I: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ebf-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureF0E2F0E2Offset34BBF7000Length46527F000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&10c7922&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000006e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73} "
    .\debug.cpp(400) : Destination "\Device\0000006d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0 "
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ec5-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_810D1043&REV_60#3&61aaa01&0&8D#{65e8773e-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv "
    .\debug.cpp(400) : Destination "\Device\Secdrv "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c016#6&579885d&0&0000#{f117b9b2-6e65-11d2-a148-00001c2053de} "
    .\debug.cpp(400) : Destination "\Device\00000080 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e6896-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\CdRom1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&37f4da28&1&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1} "
    .\debug.cpp(400) : Destination "\Device\Parallel0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 74 GB \\.\PhysicalDrive0 Controlled by rootkit!
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1136) : Boot code on some of your physical disks is hidden by a rootkit.
    .\boot_cleaner.cpp(1138) : To disinfect the master boot sector, use the following command:
    .\boot_cleaner.cpp(1139) : remover.exe fix <device_name>
    .\boot_cleaner.cpp(1143) : To inspect the boot code manually, dump the master boot sector:
    .\boot_cleaner.cpp(1144) : remover.exe dump <device_name> [output_file]
    .\boot_cleaner.cpp(1147) :
    .\boot_cleaner.cpp(1152) : Done;
     
  8. 2011/12/20
    broni

    broni Moderator Malware Analyst

    Did you run FixTDSS first?
     
  9. 2011/12/20
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    No. That was left from the first time.

    Tried to turn off system restore and got this (System restore encountered an error trying to enable/disable one or more drives. Please restart your machine and try again.) Rebooted computer and got the same thing. Cannot turn off system restore.
     
  10. 2011/12/20
    broni

    broni Moderator Malware Analyst

    Leave it alone then.

    Run FixTDSS, let me know what it said and then re-run Bootkit Remover and post new log.
     
  11. 2011/12/20
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    It says ***Infected MBR detected [Repair] [Close]

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 16bb08ba9cabb5844b084485e91769e3

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
     
  12. 2011/12/20
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    .\debug.cpp(238) : Debug log started at 21.12.2011 - 05:11:40
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_80ED1043&REV_81#3&61aaa01&0&80#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000041 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature380BB116Offset2EE1B7200Length3BF724C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY "
    .\debug.cpp(400) : Destination "\Device\NDProxy "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\81ED9038-0000-0000-8A42-000000000000 "
    .\debug.cpp(400) : Destination "\Device\81ED9038-0000-0000-8A42-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5 "
    .\debug.cpp(400) : Destination "\Device\Video4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0 "
    .\debug.cpp(400) : Destination "\Device\Tun0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP "
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#IMAGE#0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f} "
    .\debug.cpp(400) : Destination "\Device\00000005 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1 "
    .\debug.cpp(400) : Destination "\Device\ParallelVdm0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\8A9A7F28-0000-0000-D3F0-000000000000 "
    .\debug.cpp(400) : Destination "\Device\8A9A7F28-0000-0000-D3F0-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr "
    .\debug.cpp(400) : Destination "\Device\RdpDrDvMgr "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BsStor "
    .\debug.cpp(400) : Destination "\Device\BsStor "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\00C80038-0000-0000-0022-000000000000 "
    .\debug.cpp(400) : Destination "\Device\00C80038-0000-0000-0022-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E82A3CD6-0914-4D3A-8AE2-9020E766B448} "
    .\debug.cpp(400) : Destination "\Device\{E82A3CD6-0914-4D3A-8AE2-9020E766B448} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\F: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e6899-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1 "
    .\debug.cpp(400) : Destination "\Device\Serial0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_6_Model_8#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0} "
    .\debug.cpp(400) : Destination "\Device\00000050 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice "
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomCD-R#RW_CW099D_CD-R#RW__________________13SM____#5&1e37d5f0&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-18 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LHidfltr "
    .\debug.cpp(400) : Destination "\Device\LHidfltr "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e6895-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6F5BEAB8-071A-48CF-BA30-082E8B3EE5CD} "
    .\debug.cpp(400) : Destination "\Device\{6F5BEAB8-071A-48CF-BA30-082E8B3EE5CD} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_WJGTAPK&Prod_KHIFSLI7CH2&Rev_1.03#5&36e5972&0&000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Scsi\awh87wk51Port3Path0Target0Lun0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE "
    .\debug.cpp(400) : Destination "\Device\NamedPipe "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3 "
    .\debug.cpp(400) : Destination "\Device\00000047 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80#3&61aaa01&0&78#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c016#6&579885d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030} "
    .\debug.cpp(400) : Destination "\Device\00000080 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC "
    .\debug.cpp(400) : Destination "\Device\Mup "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched "
    .\debug.cpp(400) : Destination "\Device\PSched "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PfModNT "
    .\debug.cpp(400) : Destination "\Device\PfModNT "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomCD-R#RW_CW099D_CD-R#RW__________________13SM____#5&1e37d5f0&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-18 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT "
    .\debug.cpp(400) : Destination "\Device\IPNAT "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPB02F#4&10c7922&0#{cae56030-684a-11d0-d6f6-00a0c90f57da} "
    .\debug.cpp(400) : Destination "\Device\0000006f "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{828FE58E-1572-443F-8DF6-08889EC18CC3} "
    .\debug.cpp(400) : Destination "\Device\{828FE58E-1572-443F-8DF6-08889EC18CC3} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice "
    .\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\0036C238-0000-0000-A710-000000000000 "
    .\debug.cpp(400) : Destination "\Device\0036C238-0000-0000-A710-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\G: "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomLITEON_CD-ROM_LTN526D___________________9S03____#5&1e37d5f0&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T1L0-20 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TCP "
    .\debug.cpp(400) : Destination "\Device\Tcp "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{23F08B98-68EE-4E99-A8F9-159CC76219F6} "
    .\debug.cpp(400) : Destination "\Device\{23F08B98-68EE-4E99-A8F9-159CC76219F6} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg "
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_810D1043&REV_60#3&61aaa01&0&8D#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BsUDF "
    .\debug.cpp(400) : Destination "\BsUDF "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\86A2DF28-0000-0000-0022-000000000000 "
    .\debug.cpp(400) : Destination "\Device\86A2DF28-0000-0000-0022-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD "
    .\debug.cpp(400) : Destination "\Device\VideoPdo0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e6897-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&13f2badf&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000046 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ec4-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0 "
    .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SSIDRV "
    .\debug.cpp(400) : Destination "\Device\SSIDRV "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN "
    .\debug.cpp(400) : Destination "\DosDevices\LPT1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000045 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1af31ff6-00db-11e0-b74f-00112f09f58a} "
    .\debug.cpp(400) : Destination "\Device\Floppy0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio "
    .\debug.cpp(400) : Destination "\Device\sysaudio "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\81E23F28-0000-0000-D722-000000000000 "
    .\debug.cpp(400) : Destination "\Device\81E23F28-0000-0000-D722-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\020E3038-0000-0000-14F0-000000000000 "
    .\debug.cpp(400) : Destination "\Device\020E3038-0000-0000-14F0-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1 "
    .\debug.cpp(400) : Destination "\Device\Harddisk1\DR1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap "
    .\debug.cpp(400) : Destination "\Device\FsWrap "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000044 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0 "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\H: "
    .\debug.cpp(400) : Destination "\Device\CdRom1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c016#6&579885d&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000080 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DsdaFilterStub "
    .\debug.cpp(400) : Destination "\Device\DsdaFilterStub "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1 "
    .\debug.cpp(400) : Destination "\Device\CdRom1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global "
    .\debug.cpp(400) : Destination "\GLOBAL?? "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c016#6&579885d&0&0000#{43d6457f-4611-4825-add7-0369b77cc43c} "
    .\debug.cpp(400) : Destination "\Device\00000080 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom2 "
    .\debug.cpp(400) : Destination "\Device\CdRom2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\023EFF28-0000-0000-8850-000000000000 "
    .\debug.cpp(400) : Destination "\Device\023EFF28-0000-0000-8850-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0171&SUBSYS_00000000&REV_A3#4&1feb96e4&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000054 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&29ae02ea&1&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\FloppyPDO0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\I: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&10c7922&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000006e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73} "
    .\debug.cpp(400) : Destination "\Device\0000006d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0 "
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureF0E2F0E2Offset34BBF7000Length46527F000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ebf-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_810D1043&REV_60#3&61aaa01&0&8D#{65e8773e-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv "
    .\debug.cpp(400) : Destination "\Device\Secdrv "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c016#6&579885d&0&0000#{f117b9b2-6e65-11d2-a148-00001c2053de} "
    .\debug.cpp(400) : Destination "\Device\00000080 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e6896-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\CdRom1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&37f4da28&1&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1} "
    .\debug.cpp(400) : Destination "\Device\Parallel0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ec5-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\8DB06338-0000-0000-0D10-000000000000 "
    .\debug.cpp(400) : Destination "\Device\8DB06338-0000-0000-0D10-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPA000#4&5d18f2df&0#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\00000056 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c016#5&3984d498&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LHidusb "
    .\debug.cpp(400) : Destination "\Device\LHidusb "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&7d8eea2&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\81E11338-0000-0000-9710-000000000000 "
    .\debug.cpp(400) : Destination "\Device\81E11338-0000-0000-9710-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\J: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\$systemsecurity "
    .\debug.cpp(400) : Destination "\Device\$systemsecurity "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318} "
    .\debug.cpp(400) : Destination "\Device\0000006d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DBAE4B70-8EB2-446C-BE5E-0F49F7700E88} "
    .\debug.cpp(400) : Destination "\Device\{DBAE4B70-8EB2-446C-BE5E-0F49F7700E88} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\0AAB6038-0000-0000-9950-000000000000 "
    .\debug.cpp(400) : Destination "\Device\0AAB6038-0000-0000-9950-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BsUDF.VXD "
    .\debug.cpp(400) : Destination "\BsUDF "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_80ED1043&REV_81#3&61aaa01&0&81#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f792fe0c-99c5-11de-b522-00112f09f58a} "
    .\debug.cpp(400) : Destination "\Device\CdRom2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ec2-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager "
    .\debug.cpp(400) : Destination "\Device\MountPointManager "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1a929f47&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000040 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32 "
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig "
    .\debug.cpp(400) : Destination "\Device\DmControl\DmConfig "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\K: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp "
    .\debug.cpp(400) : Destination "\Device\WANARP "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\00000004 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\08C6FF28-0000-0000-B6E0-000000000000 "
    .\debug.cpp(400) : Destination "\Device\08C6FF28-0000-0000-B6E0-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace "
    .\debug.cpp(400) : Destination "\Device\DmControl\DmTrace "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomLITEON_CD-ROM_LTN526D___________________9S03____#5&1e37d5f0&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T1L0-20 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\A: "
    .\debug.cpp(400) : Destination "\Device\Floppy0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskMaxtor_4D040H2__________________________DAH017K0#3244513531424535202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T1L0-c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP "
    .\debug.cpp(400) : Destination "\Device\NdisWanIp "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A171AA41-81EA-4B7A-B1E9-EE2DA907DEFC} "
    .\debug.cpp(400) : Destination "\Device\{A171AA41-81EA-4B7A-B1E9-EE2DA907DEFC} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\00000003 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_WJGTAPK&Prod_KHIFSLI7CH2&Rev_1.03#5&36e5972&0&000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Scsi\awh87wk51Port3Path0Target0Lun0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD800JB-00ETA0______________________77.07W77#4457572d41434c48393534333835_033_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMOUSE "
    .\debug.cpp(400) : Destination "\Device\lmouse "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0: "
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_80ED1043&REV_81#3&61aaa01&0&82#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&ae0c203&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_810D1043&REV_60#3&61aaa01&0&8D#{dda54a40-1e4c-11d1-a050-405705c10000} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureF0E2F0E2Offset7B0E7DE00Length5206FEC00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\036FFF28-0000-0000-95E0-000000000000 "
    .\debug.cpp(400) : Destination "\Device\036FFF28-0000-0000-95E0-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\L: "
    .\debug.cpp(400) : Destination "\Device\CdRom2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0000#{86e0d1e0-8089-11d0-9ce4-08003e301f73} "
    .\debug.cpp(400) : Destination "\Device\00000047 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000043 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1 "
    .\debug.cpp(400) : Destination "\Device\ParTechInc0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{2b3b7c73-03ab-11d9-acbc-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI "
    .\debug.cpp(400) : Destination "\Device\NdisTapi "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan "
    .\debug.cpp(400) : Destination "\Device\NdisWan "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1 "
    .\debug.cpp(400) : Destination "\Device\Parallel0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd "
    .\debug.cpp(400) : Destination "\Device\AscKmd "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PWIPF6 "
    .\debug.cpp(400) : Destination "\Device\pwipf6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1: "
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST "
    .\debug.cpp(400) : Destination "\Device\IPMULTICAST "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7EEE3CA0-950F-4767-942E-B9646276C0A9} "
    .\debug.cpp(400) : Destination "\Device\{7EEE3CA0-950F-4767-942E-B9646276C0A9} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2 "
    .\debug.cpp(400) : Destination "\Device\ParTechInc1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader "
    .\debug.cpp(400) : Destination "\Device\DmLoader "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{2b3b7c71-03ab-11d9-acbc-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ec0-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\CdRom1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow "
    .\debug.cpp(400) : Destination "\Device\LanmanRedirector "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e689a-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3 "
    .\debug.cpp(400) : Destination "\Device\ParTechInc2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SmwdmDev "
    .\debug.cpp(400) : Destination "\Device\Smwdm0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{2b3b7c72-03ab-11d9-acbc-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ec3-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SABDIFSV "
    .\debug.cpp(400) : Destination "\Device\SASDIFSV "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3104&SUBSYS_80ED1043&REV_86#3&61aaa01&0&84#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr "
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl "
    .\debug.cpp(400) : Destination "\Device\FtControl "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature380BB116Offset7E00Length2EE1A7600#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureF0E2F0E2Offset7E00Length34BBE7400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\8359CF28-0000-0000-8B50-000000000000 "
    .\debug.cpp(400) : Destination "\Device\8359CF28-0000-0000-8B50-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT "
    .\debug.cpp(400) : Destination "\Device\MailSlot "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\81EBA038-0000-0000-A3F0-000000000000 "
    .\debug.cpp(400) : Destination "\Device\81EBA038-0000-0000-A3F0-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX "
    .\debug.cpp(400) : Destination "\DosDevices\COM1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3A57D337-89D6-47E5-9126-01295D20B9C6} "
    .\debug.cpp(400) : Destination "\Device\{3A57D337-89D6-47E5-9126-01295D20B9C6} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\0973FF28-0000-0000-3D50-000000000000 "
    .\debug.cpp(400) : Destination "\Device\0973FF28-0000-0000-3D50-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT "
    .\debug.cpp(400) : Destination " "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL "
    .\debug.cpp(400) : Destination "\Device\Null "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000004a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2: "
    .\debug.cpp(400) : Destination "\Device\Scsi\viasraid1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3065&SUBSYS_80ED1043&REV_78#3&61aaa01&0&90#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000049 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e6898-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1d9a72a8&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\8C80EF28-0000-0000-0022-000000000000 "
    .\debug.cpp(400) : Destination "\Device\8C80EF28-0000-0000-0022-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\81E98038-0000-0000-0022-000000000000 "
    .\debug.cpp(400) : Destination "\Device\81E98038-0000-0000-0022-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo "
    .\debug.cpp(400) : Destination "\Device\DmControl\DmInfo "
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 16bb08ba9cabb5844b084485e91769e3
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 74 GB \\.\PhysicalDrive0 Unknown boot code
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1119) : Unknown boot code has been found on some of your physical disks.
    .\boot_cleaner.cpp(1121) : To inspect the boot code manually, dump the master boot sector:
    .\boot_cleaner.cpp(1122) : remover.exe dump <device_name> [output_file]
    .\boot_cleaner.cpp(1126) : To disinfect the master boot sector, use the following command:
    .\boot_cleaner.cpp(1127) : remover.exe fix <device_name>
    .\boot_cleaner.cpp(1130) :
    .\boot_cleaner.cpp(1152) : Done;
     
  13. 2011/12/20
    broni

    broni Moderator Malware Analyst

    That looks good :)

    Post fresh aswMBR log.

    Then....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. 2011/12/20
    broni

    broni Moderator Malware Analyst

    We posted at the same time.
    Read my previous reply.
     
  15. 2011/12/20
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-20 23:19:22
    -----------------------------
    23:19:22.312 OS Version: Windows 5.1.2600 Service Pack 2
    23:19:22.312 Number of processors: 1 586 0x801
    23:19:22.328 ComputerName: ZAR UserName:
    23:19:46.343 Initialize success
    23:19:58.781 AVAST engine download error: 0
    23:20:03.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    23:20:03.890 Disk 0 Vendor: WDC_WD800JB-00ETA0 77.07W77 Size: 76319MB BusType: 3
    23:20:03.906 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    23:20:03.906 Disk 1 Vendor: Maxtor_4D040H2 DAH017K0 Size: 39083MB BusType: 3
    23:20:03.921 Device \Driver\atapi -> MajorFunction 833dd1f8
    23:20:05.953 Disk 0 MBR read successfully
    23:20:05.968 Disk 0 MBR scan
    23:20:05.984 Disk 0 unknown MBR code
    23:20:06.015 Disk 0 scanning sectors +156280320
    23:20:06.062 Disk 0 scanning C:\WINDOWS\system32\drivers
    23:20:17.046 Service scanning
    23:20:18.203 Service SASENUM C:\WINDOWS\D:\PROGRA~1\SCANNE~1\SUUPER~1\SASENUM.SYS **LOCKED** 123
    23:20:18.234 Service SASKUTIL C:\WINDOWS\D:\PROGRA~1\SCANNE~1\SUUPER~1\SASKUTIL.SYS **LOCKED** 123
    23:20:18.296 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    23:20:18.968 Modules scanning
    23:20:31.562 Disk 0 trace - called modules:
    23:20:31.609 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x833dd1f8]<<
    23:20:31.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8335dab8]
    23:20:31.671 3 CLASSPNP.SYS[f879705b] -> nt!IofCallDriver -> \Device\00000075[0x8334feb0]
    23:20:31.703 5 ACPI.sys[f85d4620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8333a940]
    23:20:31.734 \Driver\atapi[0x83351d20] -> IRP_MJ_CREATE -> 0x833dd1f8
    23:20:31.781 Scan finished successfully
    23:21:00.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Wizard\Desktop\MBR.dat "
    23:21:00.812 The log file has been saved successfully to "C:\Documents and Settings\Wizard\Desktop\aswMBR2txt.txt "
     
  16. 2011/12/20
    broni

    broni Moderator Malware Analyst

    Looks good :)
     
  17. 2011/12/21
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    ComboFix 11-12-20.04 - Administrator 12/21/2011 0:54.6.1 - FAT32x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.233 [GMT -6:00]
    Running from: c:\documents and settings\Wizard\Desktop\ComboFix.exe
    AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
    FW: Webroot AntiVirus with Spy Sweeper *Disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Wizard\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    c:\documents and settings\Wizard\Desktop\System Fix.lnk
    c:\windows\patch.exe
    c:\windows\pkunzip.pif
    c:\windows\pkzip.pif
    c:\windows\system32\drivers\aliases.ini
    c:\windows\system32\drivers\control.ini
    c:\windows\system32\drivers\nicks.txt
    c:\windows\system32\drivers\remote.ini
    c:\windows\system32\drivers\servers.ini
    c:\windows\system32\ie.ico
    c:\windows\system32\msssc.dll
    c:\windows\system32\open.ico
    c:\windows\twain_16.dll
    c:\windows\winhelp.ini
    .
    ---- Previous Run -------
    .
    c:\documents and settings\All Users\Application Data\4YDicJjccpVKPl.exe
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\5C321E34.TMP
    c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
    c:\documents and settings\Wizard\Local Settings\Application Data\assembly\tmp
    c:\documents and settings\Wizard\Start Menu\Programs\System Fix
    c:\documents and settings\Wizard\Start Menu\Programs\System Fix\System Fix.lnk
    c:\documents and settings\Wizard\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
    c:\windows\bwUnin-6.1.4.61-8876480L.exe
    c:\windows\system32\DC120fc7_32.dll
    c:\windows\WindowsUpdate.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-19 04:59 . 2011-12-19 04:59 -------- d-----w- C:\FOUND.001
    2011-12-18 19:20 . 2011-12-18 19:20 -------- d-----w- C:\FOUND.000
    2011-12-18 04:48 . 2011-12-18 04:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webroot
    2011-12-17 22:47 . 2011-12-17 22:47 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-12-06 00:40 . 2011-12-06 00:40 -------- d--h--w- c:\documents and settings\Wizard\Application Data\FreeFileViewer
    2011-12-06 00:10 . 2011-12-06 00:10 -------- d--h--w- c:\program files\File Type Assistant
    2011-12-06 00:08 . 2011-12-06 00:08 -------- d--h--w- c:\program files\FreeFileViewer
    2011-12-04 03:54 . 2010-07-26 04:23 544768 ---ha-w- c:\windows\system32\wbocx.ocx
    2011-12-04 03:54 . 2010-07-26 04:23 56496 ---ha-w- c:\windows\system32\wbhelp2.dll
    2011-12-04 03:54 . 2010-07-26 04:23 1706800 ---ha-w- c:\windows\system32\gdiplus.dll
    2011-12-04 03:54 . 2010-07-26 04:23 33968 ---ha-w- c:\windows\system32\anim.dll
    2011-11-24 14:15 . 2011-11-24 14:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-11-24 14:15 . 2011-11-24 14:15 -------- d--h--w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-13 23:20 . 2011-07-01 05:49 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-02-02 01:17 1487240 ---ha-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "nwiz "= "nwiz.exe" [2006-10-22 1622016]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "Lexmark X74-X75 "= "c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
    "QuickTime Task "= "d:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "SpySweeper "= "d:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2006-10-04 53760]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{a5780613-492e-4a2a-a7fd-549610edf6cc} "= "d:\program files\VCOM\Recovery Commander\RCHOOK.DLL" [2003-06-12 102400]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "d:\program files\scanners cleaners\suuperantispyware\SASSEH.DLL" [2008-05-28 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-515967899-308236825-725345543-1003\Scripts\Logoff\0\0]
    "Script "=
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @= "Service "
    path=
    backup=
    .
    [HKLM\~\startupfolder\^.plugin141_02.trace]
    path=\.plugin141_02.trace
    .
    [HKLM\~\startupfolder\^.plugin141_07.trace]
    path=\.plugin141_07.trace
    .
    [HKLM\~\startupfolder\^.recently-used.xbel]
    path=\.recently-used.xbel
    .
    [HKLM\~\startupfolder\^a01600]
    path=\a01600
    .
    [HKLM\~\startupfolder\^NTUSER.BAK]
    path=\NTUSER.BAK
    .
    [HKLM\~\startupfolder\^NTUSER.BK1]
    path=\NTUSER.BK1
    .
    [HKLM\~\startupfolder\^NTUSER.DAT]
    path=\NTUSER.DAT
    .
    [HKLM\~\startupfolder\^ntuser.dat.LOG]
    path=\ntuser.dat.LOG
    .
    [HKLM\~\startupfolder\^ntuser.dat.rmbak]
    path=\ntuser.dat.rmbak
    .
    [HKLM\~\startupfolder\^NTUSER.DFG.LOG]
    path=\NTUSER.DFG.LOG
    .
    [HKLM\~\startupfolder\^ntuser.ini]
    path=\ntuser.ini
    .
    [HKLM\~\startupfolder\^PDF9B.PDF]
    path=\PDF9B.PDF
    .
    [HKLM\~\startupfolder\^S-1-5-21-515967899-308236825-725345543-1003.rrr.LOG]
    path=\S-1-5-21-515967899-308236825-725345543-1003.rrr.LOG
    .
    [HKLM\~\startupfolder\^the workgear outlet]
    path=\the workgear outlet
    .
    [HKLM\~\startupfolder\^WINDOWS]
    path=\WINDOWS
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mGiJpKILEPL.exe]
    c:\documents and settings\All Users\Application Data\mGiJpKILEPL.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WZCSVC "=2 (0x2)
    "iPodService "=3 (0x3)
    "SDhelper "=2 (0x2)
    "Apple Mobile Device "=2 (0x2)
    "helpsvc "=2 (0x2)
    "Bonjour Service "=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    "FirewallOverride "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications "= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "d:\\open zip\\Phoenix_Dynasty_Online_Client_7403.exe "=
    "c:\\WINDOWS\\System32\\LEXPPS.EXE "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "d:\\Program Files\\iTunes\\iTunes.exe "=
    "d:\\Program Files\\opera\\opera.exe "=
    "c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe "=
    .
    R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [9/23/2004 7:55 PM 9344]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/4/2009 9:35 PM 721904]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [9/8/2004 4:43 PM 77312]
    R2 WRConsumerService;Webroot Client Service;d:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [3/15/2011 10:44 PM 1201640]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3/9/2011 5:40 PM 13496]
    S1 SASDIFSV;SASDIFSV;d:\program files\scanners cleaners\suuperantispyware\SASDIFSV.SYS [10/10/2006 1:53 PM 8944]
    S1 SASKUTIL;SASKUTIL;d:\progra~1\SCANNE~1\SUUPER~1\SASKUTIL.SYS [2/27/2007 12:39 PM 55024]
    S2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [9/23/2004 7:55 PM 449280]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 IS360service;IS360service;d:\program files\IObit\IObit Security 360\is360srv.exe [2/18/2011 8:43 AM 312152]
    S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [8/10/2011 2:35 PM 227184]
    S2 Secunia Update Agent;Secunia Update Agent;d:\program files\Secunia\PSI\sua.exe [1/10/2011 8:24 AM 399416]
    S3 ASEService;Aluria Spyware Eliminator Service; [x]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/25/2011 8:20 PM 20480]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [9/25/2011 8:20 PM 8320]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [9/25/2011 8:20 PM 42752]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [9/25/2011 8:20 PM 24064]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
    S3 SASENUM;SASENUM;d:\progra~1\SCANNE~1\SUUPER~1\SASENUM.SYS [2/16/2006 5:51 PM 4096]
    S3 Secunia PSI Agent;Secunia PSI Agent;d:\program files\Secunia\PSI\psia.exe [1/10/2011 8:24 AM 993848]
    S3 SNDP202;Bushnell ImageView;c:\windows\system32\drivers\sndp202.sys [12/11/2010 3:52 PM 243968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 FileDeleter;ZeroSpyware FileDeleter; [x]
    S4 sdAuxService;PC Tools Auxiliary Service; [x]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WUAUSERV
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-308236825-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
    .
    2011-12-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-308236825-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
    .
    2011-11-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-308236825-725345543-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
    .
    2011-12-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-308236825-725345543-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
    .
    2011-03-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2011-02-02 01:17]
    .
    2011-12-20 c:\windows\Tasks\Scheduled Checkpoint.job
    - d:\program files\VCOM\Recovery Commander\RCSCHED.EXE [2005-03-27 22:45]
    .
    2011-08-25 c:\windows\Tasks\RegCure.job
    - d:\program files\RegCure\RegCure.exe [2006-06-06 23:23]
    .
    2011-12-21 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
    - c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-12-06 21:24]
    .
    2011-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    mWindow Title =
    uCustomizeSearch =
    uSearchAssistant =
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A171AA41-81EA-4B7A-B1E9-EE2DA907DEFC}: NameServer = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fjz5jkk0.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-21 01:34
    Windows 5.1.2600 Service Pack 2 FAT NTAPI
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-515967899-308236825-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,df,8a,7e,29,99,c5,46,88,2d,e0,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,df,8a,7e,29,99,c5,46,88,2d,e0,\
    .
    Completion time: 2011-12-21 01:58:56
    ComboFix-quarantined-files.txt 2011-12-21 07:58
    .
    Pre-Run: 4,579,549,184 bytes free
    Post-Run: 4,543,479,808 bytes free
    .
    - - End Of File - - 83A670A9DCD5C46E3BC5BD0BFF3EDB97
     
  18. 2011/12/21
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    Had to run ComboFix in safe mode. Got to "Preparing log report" and hung there for 2 hours. Tried twice, then went to safe mode.

    Desktop icons all load now, no blank screen. Still takes 14 min to boot up.
     
  19. 2011/12/21
    broni

    broni Moderator Malware Analyst

    Uninstall Ask Toolbar, typical foistware.

    Combofix log looks fine.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. 2011/12/21
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    Joined:
    2011/02/19
    Messages:
    52
    Likes Received:
    0
    I'm on another computer
    OTL has been on "scanning firefox setting" for 15 min.
     
  21. 2011/12/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Be patient.
     
