Solved Generic Host Process for Win32 has encountered a problem

It ran really quickly this morning, and I'd sat up until 1.30am worried to manually restart it!


BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\i386\atapi.sys ", destinationFile = "\??\c:\windows\system32\drivers\atapi.sys "

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\i386\atapi.sys ", destinationFile = "\??\c:\windows\system32\drivers\atapi.sys "

I'll run the next one now.

 

SystemLook 04.09.10 by jpshortstuff
Log created at 08:23 on 05/05/2011 by Gary Dixon
Administrator - Elevation successful

========== filefind ==========

Searching for "atapi.sys "
C:\i386\atapi.sys --a---- 95360 bytes [08:26 04/10/2006] [21:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c- 95360 bytes [08:52 01/12/2009] [21:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------- 96512 bytes [18:11 27/12/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a---- 95360 bytes [21:59 03/08/2004] [06:51 05/05/2011] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys --a---- 95360 bytes [12:19 21/09/2006] [21:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-= EOF =-

 

Hi, done just now.

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`04e71400

Size Device Name MBR Status
--------------------------------------------
73 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...

 

This was on my desktop, I don't remember seeing it before and the time is about an hour ago?

.\debug.cpp(238) : Debug log started at 05.05.2011 - 17:12:43
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020e000 "\WINDOWS\system32\ntkrnlpa.exe "
.\debug.cpp(256) : 0x806e5000 0x00020d00 "\WINDOWS\system32\hal.dll "
.\debug.cpp(256) : 0x83103000 0x00003000 "\WINDOWS\system32\KDCOM.DLL "
.\debug.cpp(256) : 0xf8888000 0x00003000 "\WINDOWS\system32\BOOTVID.dll "
.\debug.cpp(256) : 0xf8345000 0x0002e000 "ACPI.sys "
.\debug.cpp(256) : 0xf8974000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS "
.\debug.cpp(256) : 0xf8334000 0x00011000 "pci.sys "
.\debug.cpp(256) : 0xf8474000 0x0000a000 "isapnp.sys "
.\debug.cpp(256) : 0xf888c000 0x00003000 "compbatt.sys "
.\debug.cpp(256) : 0xf8890000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS "
.\debug.cpp(256) : 0xf8a3c000 0x00001000 "pciide.sys "
.\debug.cpp(256) : 0xf86f4000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS "
.\debug.cpp(256) : 0xf8484000 0x0000b000 "MountMgr.sys "
.\debug.cpp(256) : 0xf8315000 0x0001f000 "ftdisk.sys "
.\debug.cpp(256) : 0xf86fc000 0x00005000 "PartMgr.sys "
.\debug.cpp(256) : 0xf8494000 0x0000d000 "VolSnap.sys "
.\debug.cpp(256) : 0xf82fd000 0x00018000 "atapi.sys "
.\debug.cpp(256) : 0xf84a4000 0x00009000 "disk.sys "
.\debug.cpp(256) : 0xf84b4000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS "
.\debug.cpp(256) : 0xf82dd000 0x00020000 "fltmgr.sys "
.\debug.cpp(256) : 0xf82cb000 0x00012000 "sr.sys "
.\debug.cpp(256) : 0xf826e000 0x0005d000 "mfehidk.sys "
.\debug.cpp(256) : 0xf8259000 0x00015000 "drvmcdb.sys "
.\debug.cpp(256) : 0xf84c4000 0x0000a000 "PxHelp20.sys "
.\debug.cpp(256) : 0xf8242000 0x00017000 "KSecDD.sys "
.\debug.cpp(256) : 0xf81b5000 0x0008d000 "Ntfs.sys "
.\debug.cpp(256) : 0xf8188000 0x0002d000 "NDIS.sys "
.\debug.cpp(256) : 0xf84d4000 0x0000c000 "RapportKELL.sys "
.\debug.cpp(256) : 0xf84e4000 0x00010000 "ohci1394.sys "
.\debug.cpp(256) : 0xf84f4000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS "
.\debug.cpp(256) : 0xf816e000 0x0001a000 "Mup.sys "
.\debug.cpp(256) : 0xf8514000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys "
.\debug.cpp(256) : 0xf8604000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys "
.\debug.cpp(256) : 0xf8954000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys "
.\debug.cpp(256) : 0xf8958000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys "
.\debug.cpp(256) : 0xf68b4000 0x0014e000 "\SystemRoot\system32\DRIVERS\ialmnt5.sys "
.\debug.cpp(256) : 0xf68a0000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS "
.\debug.cpp(256) : 0xf6878000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys "
.\debug.cpp(256) : 0xf671a000 0x0015e000 "\SystemRoot\system32\DRIVERS\w39n51.sys "
.\debug.cpp(256) : 0xf8834000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys "
.\debug.cpp(256) : 0xf66f6000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS "
.\debug.cpp(256) : 0xf883c000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys "
.\debug.cpp(256) : 0xf8614000 0x0000c000 "\SystemRoot\system32\DRIVERS\bcm4sbxp.sys "
.\debug.cpp(256) : 0xf66e2000 0x00014000 "\SystemRoot\system32\DRIVERS\sdbus.sys "
.\debug.cpp(256) : 0xf8844000 0x00007000 "\SystemRoot\system32\DRIVERS\rimmptsk.sys "
.\debug.cpp(256) : 0xf8624000 0x0000d000 "\SystemRoot\system32\DRIVERS\rimsptsk.sys "
.\debug.cpp(256) : 0xf6696000 0x0004c000 "\SystemRoot\system32\DRIVERS\rixdptsk.sys "
.\debug.cpp(256) : 0xf8634000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys "
.\debug.cpp(256) : 0xf6667000 0x0002f000 "\SystemRoot\system32\DRIVERS\SynTP.sys "
.\debug.cpp(256) : 0xf89ac000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS "
.\debug.cpp(256) : 0xf884c000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys "
.\debug.cpp(256) : 0xf8854000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys "
.\debug.cpp(256) : 0xf8644000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys "
.\debug.cpp(256) : 0xf8654000 0x00009000 "\SystemRoot\System32\Drivers\AFS2K.SYS "
.\debug.cpp(256) : 0xf89ae000 0x00002000 "\SystemRoot\system32\drivers\sscdbhk5.sys "
.\debug.cpp(256) : 0xf8664000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys "
.\debug.cpp(256) : 0xf8674000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys "
.\debug.cpp(256) : 0xf6644000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys "
.\debug.cpp(256) : 0xf885c000 0x00006000 "\SystemRoot\System32\Drivers\GEARAspiWDM.sys "
.\debug.cpp(256) : 0xf8bbd000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys "
.\debug.cpp(256) : 0xf50ea000 0x00014000 "\SystemRoot\system32\DRIVERS\mfendisk.sys "
.\debug.cpp(256) : 0xf7562000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys "
.\debug.cpp(256) : 0xf714e000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys "
.\debug.cpp(256) : 0xf50d3000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys "
.\debug.cpp(256) : 0xf8564000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys "
.\debug.cpp(256) : 0xf8574000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys "
.\debug.cpp(256) : 0xf6b0e000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS "
.\debug.cpp(256) : 0xf50c2000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys "
.\debug.cpp(256) : 0xf75a2000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys "
.\debug.cpp(256) : 0xf509e000 0x00024000 "\SystemRoot\system32\drivers\mfeavfk.sys "
.\debug.cpp(256) : 0xf2d1a000 0x0004b000 "\SystemRoot\system32\drivers\mfefirek.sys "
.\debug.cpp(256) : 0xf8804000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys "
.\debug.cpp(256) : 0xf87cc000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys "
.\debug.cpp(256) : 0xf468d000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys "
.\debug.cpp(256) : 0xf8a00000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys "
.\debug.cpp(256) : 0xf204f000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys "
.\debug.cpp(256) : 0xf814a000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys "
.\debug.cpp(256) : 0xf87bc000 0x00005000 "\SystemRoot\system32\DRIVERS\omci.sys "
.\debug.cpp(256) : 0xf203b000 0x00014000 "\SystemRoot\system32\DRIVERS\zte_mf651_dc_enum.sys "
.\debug.cpp(256) : 0xf467d000 0x0000e000 "\SystemRoot\system32\DRIVERS\WDFLDR.SYS "
.\debug.cpp(256) : 0xf1fca000 0x00071000 "\SystemRoot\System32\Drivers\wdf01000.sys "
.\debug.cpp(256) : 0xf466d000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS "
.\debug.cpp(256) : 0xaa6b0000 0x00110000 "\SystemRoot\system32\drivers\sthda.sys "
.\debug.cpp(256) : 0xaa68c000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys "
.\debug.cpp(256) : 0xf7582000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys "
.\debug.cpp(256) : 0xaa65a000 0x00032000 "\SystemRoot\system32\DRIVERS\HSFHWAZL.sys "
.\debug.cpp(256) : 0xaa55d000 0x000fd000 "\SystemRoot\system32\DRIVERS\HSF_DPV.sys "
.\debug.cpp(256) : 0xaa4ad000 0x000b0000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys "
.\debug.cpp(256) : 0xf87a4000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS "
.\debug.cpp(256) : 0xf75c2000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys "
.\debug.cpp(256) : 0xf25e4000 0x00003000 "\SystemRoot\System32\Drivers\i2omgmt.SYS "
.\debug.cpp(256) : 0xaa257000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS "
.\debug.cpp(256) : 0xf24d6000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS "
.\debug.cpp(256) : 0xaa255000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS "
.\debug.cpp(256) : 0xf881c000 0x00006000 "\SystemRoot\system32\drivers\ssrtln.sys "
.\debug.cpp(256) : 0xf8824000 0x00006000 "\SystemRoot\System32\drivers\vga.sys "
.\debug.cpp(256) : 0xaa253000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS "
.\debug.cpp(256) : 0xaa23b000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys "
.\debug.cpp(256) : 0xaa365000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS "
.\debug.cpp(256) : 0xaa35d000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS "
.\debug.cpp(256) : 0xf1f12000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys "
.\debug.cpp(256) : 0xa8b65000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys "
.\debug.cpp(256) : 0xa8b0c000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys "
.\debug.cpp(256) : 0xa8af9000 0x00013000 "\SystemRoot\system32\drivers\mfetdi2k.sys "
.\debug.cpp(256) : 0xa8ad1000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys "
.\debug.cpp(256) : 0xf2462000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys "
.\debug.cpp(256) : 0xaa1e5000 0x00003000 "\SystemRoot\System32\drivers\ws2ifsl.sys "
.\debug.cpp(256) : 0xa8aaf000 0x00022000 "\SystemRoot\System32\drivers\afd.sys "
.\debug.cpp(256) : 0xf7532000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys "
.\debug.cpp(256) : 0xf85f4000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys "
.\debug.cpp(256) : 0xa8a84000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys "
.\debug.cpp(256) : 0xa736a000 0x00026000 "\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys "
.\debug.cpp(256) : 0xa3de0000 0x0000f000 "\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys "
.\debug.cpp(256) : 0xa3dd0000 0x0000d000 "\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys "
.\debug.cpp(256) : 0xa29bb000 0x00060000 "\??\C:\WINDOWS\system32\drivers\RapportBuka.sys "
.\debug.cpp(256) : 0xa294b000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys "
.\debug.cpp(256) : 0xa3994000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS "
.\debug.cpp(256) : 0xa38b4000 0x00004000 "\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS "
.\debug.cpp(256) : 0xa3974000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS "
.\debug.cpp(256) : 0xa2933000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys "
.\debug.cpp(256) : 0xa53d1000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS "
.\debug.cpp(256) : 0xbf800000 0x001c6000 "\SystemRoot\System32\win32k.sys "
.\debug.cpp(256) : 0xa3504000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys "
.\debug.cpp(256) : 0xa3890000 0x00005000 "\SystemRoot\System32\watchdog.sys "
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys "
.\debug.cpp(256) : 0xf8a7d000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys "
.\debug.cpp(256) : 0xbf020000 0x00022000 "\SystemRoot\System32\ialmdnt5.dll "
.\debug.cpp(256) : 0xbf012000 0x0000e000 "\SystemRoot\System32\ialmrnt5.dll "
.\debug.cpp(256) : 0xbf042000 0x00035000 "\SystemRoot\System32\ialmdev5.DLL "
.\debug.cpp(256) : 0xbf077000 0x000e2000 "\SystemRoot\System32\ialmdd5.DLL "
.\debug.cpp(256) : 0xbf159000 0x00047000 "\SystemRoot\System32\ATMFD.DLL "
.\debug.cpp(256) : 0xa946f000 0x0000a000 "\SystemRoot\system32\drivers\drvnddm.sys "
.\debug.cpp(256) : 0xf8b23000 0x00001000 "\SystemRoot\system32\dla\tfsndres.sys "
.\debug.cpp(256) : 0xa291d000 0x00016000 "\SystemRoot\system32\dla\tfsnifs.sys "
.\debug.cpp(256) : 0xf6bd6000 0x00004000 "\SystemRoot\system32\dla\tfsnopio.sys "
.\debug.cpp(256) : 0xa53cd000 0x00002000 "\SystemRoot\system32\dla\tfsnpool.sys "
.\debug.cpp(256) : 0xa30c2000 0x00007000 "\SystemRoot\system32\dla\tfsnboio.sys "
.\debug.cpp(256) : 0xa945f000 0x00009000 "\SystemRoot\system32\dla\tfsncofs.sys "
.\debug.cpp(256) : 0xf8b24000 0x00001000 "\SystemRoot\system32\dla\tfsndrct.sys "
.\debug.cpp(256) : 0xa2904000 0x00019000 "\SystemRoot\system32\dla\tfsnudf.sys "
.\debug.cpp(256) : 0xa28eb000 0x00019000 "\SystemRoot\system32\dla\tfsnudfa.sys "
.\debug.cpp(256) : 0xa90e6000 0x00005000 "\SystemRoot\system32\DRIVERS\AegisP.sys "
.\debug.cpp(256) : 0xaa1d1000 0x00004000 "\SystemRoot\system32\DRIVERS\packet.sys "
.\debug.cpp(256) : 0xa7633000 0x00004000 "\SystemRoot\system32\DRIVERS\s24trans.sys "
.\debug.cpp(256) : 0xa7056000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys "
.\debug.cpp(256) : 0xa27f6000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys "
.\debug.cpp(256) : 0xa40a2000 0x00002000 "\SystemRoot\System32\Drivers\ASCTRM.SYS "
.\debug.cpp(256) : 0xa2791000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys "
.\debug.cpp(256) : 0xf7542000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys "
.\debug.cpp(256) : 0xa25fb000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys "
.\debug.cpp(256) : 0xa269e000 0x00003000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys "
.\debug.cpp(256) : 0xa1f97000 0x0000c000 "\SystemRoot\system32\drivers\cfwids.sys "
.\debug.cpp(256) : 0xa65fb000 0x00005000 "\SystemRoot\system32\DRIVERS\LVPr2Mon.sys "
.\debug.cpp(256) : 0xa1e87000 0x00009000 "\??\C:\WINDOWS\system32\FsUsbExDisk.SYS "
.\debug.cpp(256) : 0xa1cd6000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys "
.\debug.cpp(256) : 0xa12fe000 0x00016000 "\SystemRoot\system32\drivers\mfeapfk.sys "
.\debug.cpp(256) : 0xa13fe000 0x0000b000 "\SystemRoot\system32\drivers\mfebopk.sys "
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll "
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D: "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS "
.\debug.cpp(400) : Destination "\Device\Ndis "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1 "
.\debug.cpp(400) : Destination "\Device\Video0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2 "
.\debug.cpp(400) : Destination "\Device\Video1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CC0CA6FB-51B8-4ED4-89FC-80EDB99FFE7E} "
.\debug.cpp(400) : Destination "\Device\{CC0CA6FB-51B8-4ED4-89FC-80EDB99FFE7E} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000048 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\OAKAFSUI "
.\debug.cpp(400) : Destination "\Device\OAKAFSUI "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
.\debug.cpp(400) : Destination "\Device\0000005f "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip "
.\debug.cpp(400) : Destination "\Device\Ip "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d832dde1-4cb7-11db-9d76-806d6172696f} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LogiProcMon2 "
.\debug.cpp(400) : Destination "\Device\LogiProcMon2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3 "
.\debug.cpp(400) : Destination "\Device\Video2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2263344d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3932ba15&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E: "
.\debug.cpp(400) : Destination "\Device\CdRom0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev "
.\debug.cpp(400) : Destination "\Device\IPSEC "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4 "
.\debug.cpp(400) : Destination "\Device\Video3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000047 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
.\debug.cpp(400) : Destination "\Device\0000005e "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WGUARDNT "
.\debug.cpp(400) : Destination "\Device\mfehidk "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\00000085 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY "
.\debug.cpp(400) : Destination "\Device\NDProxy "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MFE_NDISKMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000043 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5 "
.\debug.cpp(400) : Destination "\Device\Video4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP "
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS_{F65CE8E9-FB71-437C-B91D-9CC7859440AE} "
.\debug.cpp(400) : Destination "\Device\s24trans_{F65CE8E9-FB71-437C-B91D-9CC7859440AE} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&25e2ff18&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
.\debug.cpp(400) : Destination "\Device\00000076 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\OMCI "
.\debug.cpp(400) : Destination "\Device\OMCI "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a} "
.\debug.cpp(400) : Destination "\Device\0000005d "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery "
.\debug.cpp(400) : Destination "\Device\CompositeBattery "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice "
.\debug.cpp(400) : Destination "\Device\WMIDataDevice "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB319038-DAC1-40CE-91B3-B577DFF6945F} "
.\debug.cpp(400) : Destination "\Device\{DB319038-DAC1-40CE-91B3-B577DFF6945F} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d832dde2-4cb7-11db-9d76-806d6172696f} "
.\debug.cpp(400) : Destination "\Device\CdRom0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DD9898F8-9EEE-4F30-8B86-80AC4C80E53F} "
.\debug.cpp(400) : Destination "\Device\{DD9898F8-9EEE-4F30-8B86-80AC4C80E53F} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE "
.\debug.cpp(400) : Destination "\Device\NamedPipe "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d832dde0-4cb7-11db-9d76-806d6172696f} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureD0F4738COffset4E71400LengthD2B8D3A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788} "
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_01BD1028&REV_01#3&61aaa01&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3 "
.\debug.cpp(400) : Destination "\Device\Winachsf0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC "
.\debug.cpp(400) : Destination "\Device\Mup "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Conexant HDA D110 MDC V.92 Modem "
.\debug.cpp(400) : Destination "\Device\00000086 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched "
.\debug.cpp(400) : Destination "\Device\PSched "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000} "
.\debug.cpp(400) : Destination "\Device\00000085 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{f6c58c1f-7d44-4dd1-b240-dee24d44fd91} "
.\debug.cpp(400) : Destination "\Device\00000085 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice "
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0 "
.\debug.cpp(400) : Destination "\Device\USBFDO-0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRom_NEC_DVD+-RW_ND-6650A___________________102C____#5&2c81f6de&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02#4&2fe911e8&0&00F0#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp "
.\debug.cpp(400) : Destination "\Device\Tcp "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I2OExec "
.\debug.cpp(400) : Destination "\Device\I2OExec "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg "
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FsUsbExDisk "
.\debug.cpp(400) : Destination "\Device\FsUsbExDisk "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\s24trans_{F65CE8E9-FB71-437C-B91D-9CC7859440AE} "
.\debug.cpp(400) : Destination "\Device\s24trans_{F65CE8E9-FB71-437C-B91D-9CC7859440AE} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1 "
.\debug.cpp(400) : Destination "\Device\USBFDO-1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD "
.\debug.cpp(400) : Destination "\Device\VideoPdo0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\0000004e "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\rapport_service_early_injection "
.\debug.cpp(400) : Destination "\Device\rapport_service_early_injection "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0 "
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer "
.\debug.cpp(400) : Destination "\Device\ConexantDiagnosticsServer "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN "
.\debug.cpp(400) : Destination "\DosDevices\LPT1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2 "
.\debug.cpp(400) : Destination "\Device\USBFDO-2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\0000004b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\mfehidk "
.\debug.cpp(400) : Destination "\Device\mfehidk "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio "
.\debug.cpp(400) : Destination "\Device\sysaudio "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap "
.\debug.cpp(400) : Destination "\Device\FsWrap "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3 "
.\debug.cpp(400) : Destination "\Device\USBFDO-3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\0000004a "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\0000004c "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A2&SUBSYS_01BD1028&REV_03#3&61aaa01&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0001 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EB23DC69-611A-4A1D-9A9A-01EBF3DE1E5B} "
.\debug.cpp(400) : Destination "\Device\{EB23DC69-611A-4A1D-9A9A-01EBF3DE1E5B} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0 "
.\debug.cpp(400) : Destination "\Device\CdRom0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRom_NEC_DVD+-RW_ND-6650A___________________102C____#5&2c81f6de&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67} "
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4 "
.\debug.cpp(400) : Destination "\Device\USBFDO-4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global "
.\debug.cpp(400) : Destination "\GLOBAL?? "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS.SYS "
.\debug.cpp(400) : Destination "\Device\S24Trans.sys "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{560B6ABD-EDE8-41DE-9351-327521EFA423} "
.\debug.cpp(400) : Destination "\Device\{560B6ABD-EDE8-41DE-9351-327521EFA423} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{ac7e9cf6-d199-450d-bedf-8a35b000442d} "
.\debug.cpp(400) : Destination "\Device\00000085 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Packet_{F65CE8E9-FB71-437C-B91D-9CC7859440AE} "
.\debug.cpp(400) : Destination "\Device\Packet_{F65CE8E9-FB71-437C-B91D-9CC7859440AE} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\drvnddm "
.\debug.cpp(400) : Destination "\Device\drvnddm "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\rapport_service_buka "
.\debug.cpp(400) : Destination "\Device\rapport_service_buka "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MFE_NDISKMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000042 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B51E43FB-660A-4ADC-B5A8-F4898BDC32DE} "
.\debug.cpp(400) : Destination "\Device\{B51E43FB-660A-4ADC-B5A8-F4898BDC32DE} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0832&SUBSYS_01BD1028&REV_00#4&2fe911e8&0&08F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0 "
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Packet_{13089D58-096B-439C-8AB2-B2ADF2FA4256} "
.\debug.cpp(400) : Destination "\Device\Packet_{13089D58-096B-439C-8AB2-B2ADF2FA4256} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP_{F65CE8E9-FB71-437C-B91D-9CC7859440AE} "
.\debug.cpp(400) : Destination "\Device\AegisP_{F65CE8E9-FB71-437C-B91D-9CC7859440AE} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788} "
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CB&SUBSYS_01BD1028&REV_01#3&61aaa01&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THM_#{4afa3d51-74a7-11d0-be5e-00a0c9062857} "
.\debug.cpp(400) : Destination "\Device\0000005a "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\00000085 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0 "
.\debug.cpp(400) : Destination "\Device\HSF_MDMDevice0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\rapport_cerberus "
.\debug.cpp(400) : Destination "\Device\rapport_cerberus_v2_26169 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\00000085 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7FF01613-CC5C-4153-A193-730DF379FE73} "
.\debug.cpp(400) : Destination "\Device\{7FF01613-CC5C-4153-A193-730DF379FE73} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394 "
.\debug.cpp(400) : Destination "\Device\ARP1394 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900#4&2973568e&0&0102#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4} "
.\debug.cpp(400) : Destination "\Device\00000086 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureD0F4738COffsetD30F1D000Length44D228C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRom_NEC_DVD+-RW_ND-6650A___________________102C____#5&2c81f6de&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASCTRM "
.\debug.cpp(400) : Destination "\Device\ASCTRM "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&25e2ff18&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
.\debug.cpp(400) : Destination "\Device\00000075 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_01BD1028&REV_01#3&61aaa01&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\rapport_service_process_guard "
.\debug.cpp(400) : Destination "\Device\rapport_service_process_guard "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0003#{119967a1-b1db-4d60-b518-1629d0bd3961} "
.\debug.cpp(400) : Destination "\Device\00000054 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager "
.\debug.cpp(400) : Destination "\Device\MountPointManager "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788} "
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{5f6b13e4-6814-4fb4-bf50-84cbb4297800} "
.\debug.cpp(400) : Destination "\Device\00000085 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000046 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0} "
.\debug.cpp(400) : Destination "\Device\00000058 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32 "
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
.\debug.cpp(400) : Destination "\Device\00000060 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp "
.\debug.cpp(400) : Destination "\Device\WANARP "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BE656344-CB99-4D79-B2DC-D43D55293D96} "
.\debug.cpp(400) : Destination "\Device\{BE656344-CB99-4D79-B2DC-D43D55293D96} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\00000003 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{36B88821-6704-4A62-A4C2-05588EDF9A11} "
.\debug.cpp(400) : Destination "\Device\{36B88821-6704-4A62-A4C2-05588EDF9A11} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskTOSHIBA_MK8032GSX_______________________AS112D__#5&19c84639&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_01BD1028&REV_01#3&61aaa01&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_10218086&REV_02#4&6c79fc5&0&00E0#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP "
.\debug.cpp(400) : Destination "\Device\NdisWanIp "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP "
.\debug.cpp(400) : Destination "\Device\AegisP "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0: "
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788} "
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1a83cd01&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_01BD1028&REV_01#3&61aaa01&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900#4&2973568e&0&0102#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42} "
.\debug.cpp(400) : Destination "\Device\00000086 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0 "
.\debug.cpp(400) : Destination "\Device\1394BUS0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\rapport_akl_ll "
.\debug.cpp(400) : Destination "\Device\rapport_akl_ll "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\APPDRV "
.\debug.cpp(400) : Destination "\Device\APPDRV "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000049 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1 "
.\debug.cpp(400) : Destination "\Device\ParTechInc0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407} "
.\debug.cpp(400) : Destination "\Device\00000051 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI "
.\debug.cpp(400) : Destination "\Device\NdisTapi "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan "
.\debug.cpp(400) : Destination "\Device\NdisWan "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24Trans.sys "
.\debug.cpp(400) : Destination "\Device\S24Trans.sys "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1: "
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST "
.\debug.cpp(400) : Destination "\Device\IPMULTICAST "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0F3527D-155E-4DF1-B594-DA1628434A19} "
.\debug.cpp(400) : Destination "\Device\{E0F3527D-155E-4DF1-B594-DA1628434A19} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0 "
.\debug.cpp(400) : Destination "\Device\MICH_AZ0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A6&SUBSYS_01BD1028&REV_03#3&61aaa01&0&11#{5b45201d-f2f2-4f3b-85bb-30ff1f953599} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2 "
.\debug.cpp(400) : Destination "\Device\ParTechInc1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow "
.\debug.cpp(400) : Destination "\Device\LanmanRedirector "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{ba0afe40-6d0a-4d2c-954f-6f7b82187a14} "
.\debug.cpp(400) : Destination "\Device\00000085 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0} "
.\debug.cpp(400) : Destination "\Device\00000059 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3 "
.\debug.cpp(400) : Destination "\Device\ParTechInc2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\drvmcdb "
.\debug.cpp(400) : Destination "\Device\drvmcdb "
.\debug.cpp(409) : --
.\debug.cpp(369) : Device "\GLOBAL??\TFSWIFS "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{489F387A-9AB0-4AC3-BD07-B3B6EE6AA71A} "
.\debug.cpp(400) : Destination "\Device\{489F387A-9AB0-4AC3-BD07-B3B6EE6AA71A} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr "
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl "
.\debug.cpp(400) : Destination "\Device\FtControl "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C: "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT "
.\debug.cpp(400) : Destination "\Device\MailSlot "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX "
.\debug.cpp(400) : Destination "\DosDevices\COM1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&10d90b96&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MFE_NDISKMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000044 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Packet "
.\debug.cpp(400) : Destination "\Device\Packet "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT "
.\debug.cpp(400) : Destination " "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio "
.\debug.cpp(400) : Destination "\Device\Ndisuio "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{13089D58-096B-439C-8AB2-B2ADF2FA4256} "
.\debug.cpp(400) : Destination "\Device\{13089D58-096B-439C-8AB2-B2ADF2FA4256} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
.\debug.cpp(400) : Destination "\Device\00000050 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL "
.\debug.cpp(400) : Destination "\Device\Null "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&27a8915e&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#USB#0000#{c671678c-82c1-43f3-d700-0049433e9a4b} "
.\debug.cpp(400) : Destination "\Device\00000055 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F65CE8E9-FB71-437C-B91D-9CC7859440AE} "
.\debug.cpp(400) : Destination "\Device\{F65CE8E9-FB71-437C-B91D-9CC7859440AE} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP "
.\debug.cpp(400) : Destination "\Device\SynTP "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
.\debug.cpp(400) : Destination "\Device\0000004f "
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`04e71400
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 73 GB \\.\PhysicalDrive0 Controlled by rootkit!
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1135) : Boot code on some of your physical disks is hidden by a rootkit.
.\boot_cleaner.cpp(1137) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1138) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1142) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1143) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1146) :
.\boot_cleaner.cpp(1151) : Done;

 

Am I understanding this correctly? We can use the Recovery Partition to fix MBR and will be left with a clean computer but will have lost any future Recovery Partion access in the process although it can be reinstated using the guide from the link in your last post?

 

OK. Well the instuctions on the link seem a bit fiddley but not impossible and to be honest I never knew I had the ability to do a factory reset anyway. That coupled with the fact that it's quite an old computer, if I can get a few more months out of it and get through the next few weeks where I really need it then I'm happy to just repair it and then look at upgrading at my leasure during this summer. If it all goes wrong then I've already got just about everything backed up and will have my hand forced into buying a new machine this weekend.

 

All done but now I can't copy and paste from the log at all. What it says is:

Size:73 GB
Device name: \\.\PhysicalDrive0
MBR Status: OK (DOS/Win32 Boot code found)

 

Apparently, no infection!

2011/05/05 20:17:05.0494 5388 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/05 20:17:07.0494 5388 ================================================================================
2011/05/05 20:17:07.0494 5388 SystemInfo:
2011/05/05 20:17:07.0494 5388
2011/05/05 20:17:07.0494 5388 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/05 20:17:07.0494 5388 Product type: Workstation
2011/05/05 20:17:07.0494 5388 ComputerName: GARYDIXON
2011/05/05 20:17:07.0494 5388 UserName: Gary Dixon
2011/05/05 20:17:07.0494 5388 Windows directory: C:\WINDOWS
2011/05/05 20:17:07.0494 5388 System windows directory: C:\WINDOWS
2011/05/05 20:17:07.0494 5388 Processor architecture: Intel x86
2011/05/05 20:17:07.0494 5388 Number of processors: 2
2011/05/05 20:17:07.0494 5388 Page size: 0x1000
2011/05/05 20:17:07.0494 5388 Boot type: Normal boot
2011/05/05 20:17:07.0494 5388 ================================================================================
2011/05/05 20:17:08.0276 5388 Initialize success
2011/05/05 20:18:48.0322 5344 ================================================================================
2011/05/05 20:18:48.0322 5344 Scan started
2011/05/05 20:18:48.0322 5344 Mode: Manual;
2011/05/05 20:18:48.0322 5344 ================================================================================
2011/05/05 20:18:50.0056 5344 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/05 20:18:50.0869 5344 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/05 20:18:50.0931 5344 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/05 20:18:51.0056 5344 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/05 20:18:51.0431 5344 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/05 20:18:51.0556 5344 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/05/05 20:18:52.0025 5344 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/05 20:18:52.0135 5344 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/05/05 20:18:52.0478 5344 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/05 20:18:52.0541 5344 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/05 20:18:52.0650 5344 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/05 20:18:53.0213 5344 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/05 20:18:53.0572 5344 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/05 20:18:53.0760 5344 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/05 20:18:54.0057 5344 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/05 20:18:54.0135 5344 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/05 20:18:54.0229 5344 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/05 20:18:54.0369 5344 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/05/05 20:18:54.0854 5344 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/05 20:18:54.0948 5344 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/05 20:18:55.0057 5344 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/05 20:18:55.0182 5344 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/05 20:18:55.0463 5344 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/05/05 20:18:55.0666 5344 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/05 20:18:55.0760 5344 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/05 20:18:55.0916 5344 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/05 20:18:56.0010 5344 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/05 20:18:56.0057 5344 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/05/05 20:18:56.0104 5344 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/05 20:18:56.0432 5344 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/05 20:18:56.0448 5344 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/05 20:18:56.0526 5344 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/05 20:18:56.0635 5344 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/05 20:18:56.0901 5344 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/05 20:18:56.0964 5344 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/05 20:18:57.0057 5344 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/05 20:18:57.0120 5344 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys
2011/05/05 20:18:57.0557 5344 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/05 20:18:57.0635 5344 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/05 20:18:57.0714 5344 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/05 20:18:57.0870 5344 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/05 20:18:57.0932 5344 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/05 20:18:57.0964 5344 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/05 20:18:58.0136 5344 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/05 20:18:58.0276 5344 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/05 20:18:58.0464 5344 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/05 20:18:58.0511 5344 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/05 20:18:58.0573 5344 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/05 20:18:58.0667 5344 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/05 20:18:58.0714 5344 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/05 20:18:58.0901 5344 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/05/05 20:18:59.0073 5344 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/05/05 20:18:59.0339 5344 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
2011/05/05 20:18:59.0605 5344 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/05 20:18:59.0776 5344 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/05 20:18:59.0886 5344 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/05 20:19:00.0042 5344 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/05 20:19:00.0105 5344 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/05 20:19:00.0198 5344 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/05 20:19:00.0339 5344 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/05/05 20:19:00.0761 5344 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/05 20:19:00.0917 5344 FTDIBUS (b2e774fa71d853aa6062cf390d25b812) C:\WINDOWS\system32\drivers\ftdibus.sys
2011/05/05 20:19:01.0199 5344 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/05 20:19:01.0261 5344 FTSER2K (539e3f2a379c0e27a7ec1fab8c5b5514) C:\WINDOWS\system32\drivers\ftser2k.sys
2011/05/05 20:19:01.0574 5344 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/05 20:19:01.0730 5344 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/05 20:19:01.0824 5344 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
2011/05/05 20:19:02.0167 5344 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/05 20:19:02.0230 5344 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/05 20:19:02.0339 5344 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/05 20:19:02.0636 5344 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/05/05 20:19:02.0855 5344 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/05/05 20:19:03.0152 5344 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/05 20:19:03.0214 5344 hwdatacard (008ada74e3028fced5145f4f74230d4b) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/05/05 20:19:03.0730 5344 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/05 20:19:03.0793 5344 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/05 20:19:03.0855 5344 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/05 20:19:03.0980 5344 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/05 20:19:04.0871 5344 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/05 20:19:05.0027 5344 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/05 20:19:05.0199 5344 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/05 20:19:05.0418 5344 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/05 20:19:05.0543 5344 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/05 20:19:05.0605 5344 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/05 20:19:05.0684 5344 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/05 20:19:05.0730 5344 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/05 20:19:05.0949 5344 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/05 20:19:06.0043 5344 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/05 20:19:06.0121 5344 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/05 20:19:06.0152 5344 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/05 20:19:06.0356 5344 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/05 20:19:06.0449 5344 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/05 20:19:06.0731 5344 LVcKap (efe6cb9600a6bef09834be558d7cf04e) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2011/05/05 20:19:08.0684 5344 LVMVDrv (8895475987655aae944544e30004b290) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2011/05/05 20:19:09.0059 5344 LVPr2Mon (985875cf257e5900c3f779a6929920e2) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/05/05 20:19:09.0481 5344 LVUSBSta (ccff53b1fcdfa9ede919e3bdbd10d0fd) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/05/05 20:19:09.0919 5344 MAUSBRI (0fdf16b50fab45f20d2225e5f54c787c) C:\WINDOWS\system32\DRIVERS\mausbftu.sys
2011/05/05 20:19:10.0528 5344 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/05 20:19:10.0606 5344 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/05/05 20:19:10.0966 5344 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/05/05 20:19:11.0137 5344 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/05/05 20:19:11.0434 5344 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/05/05 20:19:11.0684 5344 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/05/05 20:19:11.0934 5344 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/05 20:19:12.0028 5344 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/05 20:19:12.0059 5344 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/05/05 20:19:12.0216 5344 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/05/05 20:19:12.0450 5344 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/05 20:19:12.0575 5344 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/05 20:19:12.0638 5344 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/05 20:19:12.0700 5344 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/05 20:19:12.0810 5344 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/05 20:19:13.0169 5344 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/05 20:19:13.0638 5344 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/05 20:19:13.0778 5344 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/05 20:19:13.0966 5344 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/05 20:19:14.0060 5344 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/05 20:19:14.0107 5344 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/05 20:19:14.0138 5344 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/05 20:19:14.0247 5344 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/05 20:19:14.0404 5344 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/05 20:19:14.0513 5344 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/05 20:19:14.0591 5344 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/05 20:19:14.0716 5344 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/05 20:19:14.0872 5344 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/05 20:19:14.0919 5344 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/05 20:19:14.0966 5344 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/05 20:19:15.0029 5344 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/05 20:19:15.0107 5344 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/05 20:19:15.0169 5344 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/05 20:19:15.0357 5344 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/05 20:19:15.0451 5344 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/05 20:19:15.0560 5344 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/05 20:19:15.0607 5344 Nsynas32 (2b8f0d73ff5a66d8410fe5da12040003) C:\WINDOWS\system32\drivers\Nsynas32.sys
2011/05/05 20:19:15.0998 5344 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/05 20:19:16.0107 5344 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/05 20:19:16.0294 5344 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/05 20:19:16.0529 5344 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/05 20:19:16.0560 5344 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/05 20:19:16.0670 5344 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/05 20:19:16.0716 5344 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/05/05 20:19:17.0013 5344 Packet (8f856dae19383bd69db444004d5d4f50) C:\WINDOWS\system32\DRIVERS\packet.sys
2011/05/05 20:19:17.0076 5344 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/05 20:19:17.0170 5344 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/05 20:19:17.0216 5344 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/05 20:19:17.0295 5344 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/05/05 20:19:17.0654 5344 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/05 20:19:17.0732 5344 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/05 20:19:17.0810 5344 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/05 20:19:17.0967 5344 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/05 20:19:18.0264 5344 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/05 20:19:18.0451 5344 PID_0928 (91810c1b4152bb60e18fa2ba44c1596d) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
2011/05/05 20:19:18.0826 5344 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/05 20:19:18.0873 5344 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/05 20:19:18.0951 5344 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/05 20:19:19.0061 5344 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/05 20:19:19.0311 5344 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/05 20:19:19.0373 5344 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/05 20:19:19.0436 5344 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/05 20:19:19.0467 5344 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/05 20:19:19.0514 5344 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/05 20:19:19.0670 5344 RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\WINDOWS\system32\drivers\RapportBuka.sys
2011/05/05 20:19:19.0904 5344 RapportCerberus_26169 (df1f468a6016c4950cfc169ae77d84cd) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys
2011/05/05 20:19:20.0311 5344 RapportEI (1602ff4aec5c2246ac387e49e474dd7b) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
2011/05/05 20:19:20.0451 5344 RapportKELL (12031844f5ad4126eab4c410623f7789) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2011/05/05 20:19:20.0529 5344 RapportPG (1c303f85986c3dfcb01cc67f185c32e5) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/05/05 20:19:20.0576 5344 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/05 20:19:20.0639 5344 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/05 20:19:20.0780 5344 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/05 20:19:20.0811 5344 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/05 20:19:20.0905 5344 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/05 20:19:20.0967 5344 RDID1046 (e32cc0fb50e80f2e6965745b7286749b) C:\WINDOWS\system32\Drivers\rdwm1046.sys
2011/05/05 20:19:21.0108 5344 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/05 20:19:21.0217 5344 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/05 20:19:21.0389 5344 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/05 20:19:21.0467 5344 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/05 20:19:21.0545 5344 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/05/05 20:19:22.0311 5344 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/05/05 20:19:22.0842 5344 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/05/05 20:19:23.0608 5344 s24trans (2c0e9e777ab1849b43494626c1f308b5) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/05/05 20:19:24.0092 5344 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/05/05 20:19:24.0171 5344 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
2011/05/05 20:19:24.0343 5344 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/05 20:19:24.0530 5344 Ser2pl (0828e50e85307e1f82fbd46917650854) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2011/05/05 20:19:24.0718 5344 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/05 20:19:24.0796 5344 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/05 20:19:24.0968 5344 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/05/05 20:19:25.0046 5344 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/05/05 20:19:25.0108 5344 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/05 20:19:25.0186 5344 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/05 20:19:25.0265 5344 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/05 20:19:25.0436 5344 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/05 20:19:25.0499 5344 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/05 20:19:25.0593 5344 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/05 20:19:25.0655 5344 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/05 20:19:25.0702 5344 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/05/05 20:19:26.0015 5344 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2011/05/05 20:19:26.0187 5344 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2011/05/05 20:19:26.0327 5344 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2011/05/05 20:19:26.0671 5344 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/05/05 20:19:26.0874 5344 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
2011/05/05 20:19:27.0140 5344 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/05 20:19:27.0187 5344 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/05 20:19:27.0327 5344 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/05 20:19:27.0405 5344 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/05 20:19:27.0640 5344 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/05 20:19:27.0999 5344 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/05 20:19:28.0046 5344 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/05 20:19:28.0327 5344 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/05 20:19:28.0578 5344 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/05 20:19:28.0687 5344 TASCAM_US122144 (c6f0da2138cbc259d12e99197d88fe42) C:\WINDOWS\system32\Drivers\tascusb2.sys
2011/05/05 20:19:28.0859 5344 TASCAM_US122L_MIDI (5244b55e9c04df6e108be849f32f3b29) C:\WINDOWS\system32\drivers\tscusb2m.sys
2011/05/05 20:19:29.0093 5344 TASCAM_US122L_WDM (69b79a2ee697020ed9ec48e2a474c585) C:\WINDOWS\system32\drivers\tscusb2a.sys
2011/05/05 20:19:29.0296 5344 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/05 20:19:29.0406 5344 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/05 20:19:29.0531 5344 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/05 20:19:29.0625 5344 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/05 20:19:29.0703 5344 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/05/05 20:19:29.0937 5344 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/05/05 20:19:30.0093 5344 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/05/05 20:19:30.0218 5344 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/05/05 20:19:30.0468 5344 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/05/05 20:19:30.0687 5344 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/05/05 20:19:30.0906 5344 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/05/05 20:19:31.0125 5344 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/05/05 20:19:31.0359 5344 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/05/05 20:19:31.0578 5344 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/05 20:19:31.0656 5344 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/05 20:19:31.0703 5344 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/05 20:19:31.0844 5344 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/05 20:19:32.0000 5344 US122 (f0022b4a8c803d668dc80251214513af) C:\WINDOWS\system32\Drivers\US122.sys
2011/05/05 20:19:32.0375 5344 US122DL (1d56be893dea1ff488de1495a59f71d5) C:\WINDOWS\system32\Drivers\US122DL.sys
2011/05/05 20:19:32.0813 5344 Us122WdmService (560763d08a54a981a63f7bb6a27ab7b4) C:\WINDOWS\system32\Drivers\US122Wdm.sys
2011/05/05 20:19:33.0109 5344 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/05 20:19:33.0250 5344 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/05 20:19:33.0359 5344 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/05 20:19:33.0391 5344 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/05 20:19:33.0469 5344 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/05 20:19:33.0547 5344 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/05 20:19:33.0610 5344 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/05 20:19:33.0766 5344 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/05 20:19:33.0828 5344 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/05 20:19:33.0891 5344 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/05 20:19:33.0938 5344 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/05 20:19:34.0016 5344 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/05 20:19:34.0250 5344 w39n51 (95c7421f8bafc85ba09d33364058937d) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/05/05 20:19:34.0360 5344 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/05 20:19:34.0485 5344 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/05 20:19:34.0938 5344 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/05 20:19:35.0016 5344 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/05 20:19:35.0219 5344 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/05 20:19:35.0407 5344 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/05 20:19:35.0579 5344 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/05 20:19:35.0641 5344 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/05 20:19:35.0719 5344 zte_mf651_cdc_acm (d39b7319cb2b1f9b19fb73cee54d435c) C:\WINDOWS\system32\DRIVERS\zte_mf651_cdc_acm.sys
2011/05/05 20:19:35.0969 5344 zte_mf651_cdc_ecm (169d2a536a33117759bb99be9dbb3ea2) C:\WINDOWS\system32\DRIVERS\zte_mf651_cdc_ecm.sys
2011/05/05 20:19:36.0157 5344 zte_mf651_cpo (160bb8d93af7b63c504d67ecf8d09e53) C:\WINDOWS\system32\DRIVERS\zte_mf651_cpo.sys
2011/05/05 20:19:36.0532 5344 zte_mf651_dc_enum (6b7a0fbab209419e7a1aa01a2204d0d7) C:\WINDOWS\system32\DRIVERS\zte_mf651_dc_enum.sys
2011/05/05 20:19:37.0032 5344 ================================================================================
2011/05/05 20:19:37.0032 5344 Scan finished
2011/05/05 20:19:37.0032 5344 ================================================================================

 

Malwarebytes gave me the same error as before so I uninstalled and downloaded a new one.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6515

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/05/2011 22:01:33
mbam-log-2011-05-05 (22-01-33).txt

Scan type: Quick scan
Objects scanned: 161444
Time elapsed: 14 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

I downloaded a new Combofix from the first link you gave me, it got around Section 50 and then I got a BSOD again, same as before. I don't seem to have had the Generic Host error that I always got on every restart!

 

Hi,
First I tried renaming ComboFix as Gary_Dixon.exe and gpt the warning about renaming not being allowed but I realised that it was the underscore (suggested by your instruction) that was upsetting it so I removed that and it started to run fine. I still got a BSOD saying PAGE_FAULT_IN_NON_PAGED_AREA. The file seeming to cause the problem is catchme.sys.

I tried Safe mode and this worked! Iran Comofix and it went all the way through and gave this report:

ComboFix 11-05-05.04 - Gary Dixon 06/05/2011 10:32:52.6.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.219 [GMT 1:00]
Running from: c:\documents and settings\Gary Dixon\Desktop\GaryFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Gary Dixon\WINDOWS
.
-- Previous Run --
.
Infected copy of c:\windows\system32\imm32.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\imm32.dll
.
--------
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))
.
.
2011-05-05 20:44 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-05 20:44 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 12:05 . 2011-05-01 12:05 339968 ----a-w- c:\windows\system32\RapportBuka.dll
2011-04-29 11:44 . 2011-04-29 11:44 -------- d-----w- c:\documents and settings\Gary Dixon\Local Settings\Application Data\Trusteer
2011-04-28 17:39 . 2011-04-28 17:39 -------- d-----w- c:\documents and settings\Gary Dixon\Application Data\ElevatedDiagnostics
2011-04-28 14:57 . 2011-04-28 14:57 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-27 10:50 . 2011-04-28 14:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-14 08:01 . 2011-04-15 08:55 -------- d-----w- C:\D1_32
2011-04-10 16:59 . 2011-04-10 16:59 -------- d-----w- c:\documents and settings\Gary Dixon\Local Settings\Application Data\Thinstall
2011-04-10 16:59 . 2011-04-10 16:59 -------- d-----w- c:\documents and settings\Gary Dixon\Application Data\Thinstall
2011-04-10 16:58 . 2011-04-10 17:08 -------- d-----w- c:\program files\Microsoft Visio 2007 Portable
2011-04-09 15:50 . 2006-05-08 12:33 237568 ----a-w- c:\windows\system32\glut32.dll
2011-04-09 15:03 . 2011-04-09 15:03 -------- d-----w- c:\documents and settings\Gary Dixon\Application Data\Smaart
2011-04-07 14:15 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-04-07 14:15 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-04-07 14:11 . 2011-04-07 14:11 -------- d-----w- c:\program files\Microsoft.NET
2011-04-07 14:08 . 2011-04-07 14:42 -------- d-----w- c:\windows\SHELLNEW
2011-04-07 14:07 . 2011-04-07 14:07 -------- d-----w- c:\documents and settings\Gary Dixon\Local Settings\Application Data\Microsoft Help
2011-04-07 14:07 . 2011-04-20 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-04-07 14:06 . 2011-04-07 14:06 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-05 06:51 . 2004-08-03 21:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2011-03-07 05:33 . 2004-08-10 12:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-10 11:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-10 11:51 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-10 11:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-10 11:51 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-09-21 12:07 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-10 11:51 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 11:29 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-10 11:50 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-10 12:01 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-08-10 11:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-10 11:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-10 11:51 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-10 11:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 68856]
"LDM "= "c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-08 36864]
"TomTomHOME.exe "= "c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp "= "stsystra.exe" [2006-03-24 282624]
"SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet "= "c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"IntelZeroConfig "= "c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"DVDLauncher "= "c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"CTSVolFE.exe "= "c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla "= "c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"RealTray "= "c:\program files\Real\RealPlayer\RealPlay.exe" [2006-09-21 26112]
"LogitechCommunicationsManager "= "c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184]
"LogitechQuickCamRibbon "= "c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 746520]
"LVCOMSX "= "c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"MobileConnect "= "c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"MSKDetectorExe "= "c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"M-Audio Taskbar Icon "= "c:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1193848]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Gary Dixon\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-9-21 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-21 24576]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-2-8 196608]
Lotus Organizer EasyClip.lnk - c:\lotus\organize\easyclip.exe [2000-5-19 87040]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=" "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=" "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
"c:\\WINDOWS\\system32\\dpvsetup.exe "=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe "=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "=
"c:\\Program Files\\Meyer Sound\\Compass\\Resources\\Data\\VirtualGalileoDaemon.exe "=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe "=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe "=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
"c:\\Program Files\\Skype\\Phone\\Skype.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe "=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe "=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP "= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP "= 10426:UDP:SingleClick ICC
.
R3 zte_mf651_dc_enum;ZTE Mobile Connect DC Enumerator;c:\windows\system32\drivers\zte_mf651_dc_enum.sys [06/11/2009 13:59 80128]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [28/04/2011 14:34 53816]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [02/09/2010 13:01 84072]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [04/03/2010 11:32 390528]
S1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [02/05/2011 11:49 57144]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [28/04/2011 14:34 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [28/04/2011 14:34 158904]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [20/08/2009 12:07 233472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2010 12:24 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [09/01/2010 17:12 88176]
S2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [02/09/2010 13:00 271480]
S2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [02/09/2010 13:00 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [02/09/2010 13:03 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [02/09/2010 13:01 141792]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [28/04/2011 14:34 870200]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [09/03/2011 13:30 92592]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [13/03/2008 20:08 24576]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [02/09/2010 13:01 55840]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [20/08/2009 12:07 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2010 12:24 135664]
S3 MAUSBFASTTRACKULTRA;Service for M-Audio Fast Track Ultra;c:\windows\system32\DRIVERS\MAudioFastTrackUltra.sys --> c:\windows\system32\DRIVERS\MAudioFastTrackUltra.sys [?]
S3 MAUSBRI;M-Audio Fast Track Ultra Service;c:\windows\system32\drivers\mausbftu.sys [08/03/2010 18:32 135944]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [02/09/2010 13:01 313288]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [02/09/2010 13:01 88544]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [02/09/2010 13:01 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [02/09/2010 13:01 84264]
S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\Rdwm1046.sys [18/02/2008 14:25 172401]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [03/07/2008 15:14 396192]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [03/07/2008 15:14 10752]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [03/07/2008 15:14 19904]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [30/07/2004 12:49 131968]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [30/07/2004 13:02 18304]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [30/07/2004 12:49 39168]
S3 zte_mf651_cdc_acm;ZTE Mobile Connect CDC-ACM driver;c:\windows\system32\drivers\zte_mf651_cdc_acm.sys [06/11/2009 13:59 85248]
S3 zte_mf651_cdc_ecm;zte_mf651_cdc_ecm;c:\windows\system32\drivers\zte_mf651_cdc_ecm.sys [06/11/2009 13:59 49920]
S3 zte_mf651_cpo;ZTE Mobile Connect Mass Storage Device;c:\windows\system32\drivers\zte_mf651_cpo.sys [06/11/2009 13:59 9856]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NSYNAS32
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 11:23]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 11:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0060921
uInternet Settings,ProxyServer = 192.168.2.180:8080
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-eyeBeam SIP Client - (no file)
HKLM-Run-NPSStartup - (no file)
AddRemove-Microsoft_Wine_Guide - e:\data\00setup\app\uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-06 10:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1224)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-05-06 10:53:48
ComboFix-quarantined-files.txt 2011-05-06 09:53
.
Pre-Run: 18,180,759,552 bytes free
Post-Run: 18,142,846,976 bytes free
.
- - End Of File - - 48B7225BBB5B6D1743E9513087AB8252