Solved Worm.koobface infection

Discussion in 'Malware and Virus Removal Archive' started by trub, 2011/01/05.

  1. 2011/01/05
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    [Resolved] Worm.koobface infection

    Mistakenly downloaded a Facebook link and now Google Chrome and IE will not open. I have access to Firefox.

    I uninstalled and reinstalled Microsoft Security Essentials as it would not update. It did notify me of issues and said they were addressed, but the issues still exist.

    Also ran Malwarebytes twice and will enclose both logs.

    I did a system restore to just before the computer went haywire.

    I messed with Java and JavaRa. I cannot uninstall Java, though it is the current version.

    At this time I have stopped trying myself and will rely on your expertise. If we can get this cleaned up I will become a lifetime paying subscriber as I feel I have taken advantage of your free help for too long now.

    I also noticed that my last thread was inactive and not resolved. Do you mark it resolved or do I? If it is up to me please advise as to how to complete this action.

    TFC has been run and MSE is scanning now. Will enclose only Malwarebytes logs now. Rest of logs to follow.

    Thank you in advance.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5467

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    1/5/2011 10:46:27 PM
    mbam-log-2011-01-05 (22-46-27).txt

    Scan type: Quick scan
    Objects scanned: 140648
    Time elapsed: 6 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dfg49df (Spyware.Passwords.XGen) -> Value: dfg49df -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\mike149.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Steven\local settings\application data\10112010146107114.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
    c:\Windows\bt7.dat (Koobface.Trace) -> Quarantined and deleted successfully.
    c:\Windows\5456456z (Koobface.Trace) -> Quarantined and deleted successfully.

    Second Malwarebytes log.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5468

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    1/5/2011 11:19:07 PM
    mbam-log-2011-01-05 (23-19-07).txt

    Scan type: Quick scan
    Objects scanned: 139008
    Time elapsed: 5 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
    trub,
    #1
  2. 2011/01/06
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    I am getting a redirect in Firefox but am able to use it enough to communicate.

    GMER LOG

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-06 01:06:54
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD32 rev.11.0
    Running: fb3kf5zj.exe; Driver: C:\Users\Steven\AppData\Local\Temp\uxryqpob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C45599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C69F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90C0C000, 0x2D5378, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2556] USER32.dll!TrackPopupMenu 75D74B3B 5 Bytes JMP 63982342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Windows\Explorer.EXE[2696] ntdll.dll!NtProtectVirtualMemory 77255380 5 Bytes JMP 0021000A
    .text C:\Windows\Explorer.EXE[2696] ntdll.dll!NtWriteVirtualMemory 77255F00 5 Bytes JMP 0060000A
    .text C:\Windows\Explorer.EXE[2696] ntdll.dll!KiUserExceptionDispatcher 77256448 5 Bytes JMP 001C000A
    .text C:\Windows\system32\svchost.exe[4916] ntdll.dll!NtProtectVirtualMemory 77255380 5 Bytes JMP 0035000A
    .text C:\Windows\system32\svchost.exe[4916] ntdll.dll!NtWriteVirtualMemory 77255F00 5 Bytes JMP 00B2000A
    .text C:\Windows\system32\svchost.exe[4916] ntdll.dll!KiUserExceptionDispatcher 77256448 5 Bytes JMP 0034000A
    .text C:\Windows\system32\svchost.exe[4916] ole32.dll!CoCreateInstance 76E6590C 5 Bytes JMP 00BB000A
    .text C:\Windows\system32\svchost.exe[4916] USER32.dll!GetCursorPos 75D4C198 5 Bytes JMP 00C6000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5592] ntdll.dll!NtProtectVirtualMemory 77255380 5 Bytes JMP 004F000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5592] ntdll.dll!NtWriteVirtualMemory 77255F00 5 Bytes JMP 0058000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5592] ntdll.dll!KiUserExceptionDispatcher 77256448 5 Bytes JMP 004E000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5592] ntdll.dll!LdrLoadDll 7726F625 5 Bytes JMP 000C13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD3200BEVT-22ZCT0___________________11.01A11#4&12a1b5bb&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

    ---- EOF - GMER 1.0.15 ----
     
    trub,
    #2

  4. 2011/01/06
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: Acer
    System Manufacturer: Acer
    System Product Name: Aspire 4730Z
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 168):
    0x82C02000 \SystemRoot\system32\ntkrnlpa.exe
    0x83012000 \SystemRoot\system32\halmacpi.dll
    0x872C2000 \SystemRoot\system32\kdcom.dll
    0x8320F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x83287000 \SystemRoot\system32\PSHED.dll
    0x83298000 \SystemRoot\system32\BOOTVID.dll
    0x832A0000 \SystemRoot\system32\CLFS.SYS
    0x832E2000 \SystemRoot\system32\CI.dll
    0x8338D000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x83200000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8343D000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x83485000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x8348E000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x83496000 \SystemRoot\system32\DRIVERS\pci.sys
    0x834C0000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x834CB000 \SystemRoot\System32\drivers\partmgr.sys
    0x834DC000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x834E4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x834EF000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x834FF000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8354A000 \SystemRoot\System32\drivers\mountmgr.sys
    0x83608000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x836E2000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x836EB000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8371F000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8B217000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8B346000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8B371000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8B384000 \SystemRoot\System32\Drivers\cng.sys
    0x8B3E1000 \SystemRoot\System32\drivers\pcw.sys
    0x8B3EF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x83730000 \SystemRoot\system32\drivers\ndis.sys
    0x83560000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8359E000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8B434000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B57D000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8B5AE000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8B5ED000 \SystemRoot\System32\Drivers\spldr.sys
    0x8B400000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8B200000 \SystemRoot\System32\Drivers\mup.sys
    0x8B5F5000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x835C3000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x837E7000 \SystemRoot\system32\DRIVERS\disk.sys
    0x83400000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8FEFA000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8FF19000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x8FF40000 \SystemRoot\System32\Drivers\Null.SYS
    0x8FF47000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8FF4E000 \SystemRoot\System32\drivers\vga.sys
    0x8FF5A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8FF7B000 \SystemRoot\System32\drivers\watchdog.sys
    0x8FF88000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8FF90000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8FF98000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8FFA0000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8FFAB000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8FFB9000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8FFD0000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x90012000 \SystemRoot\system32\drivers\afd.sys
    0x9006C000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x9009E000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x900A5000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x900C4000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x900D5000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x900E3000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x900F6000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x90106000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x90147000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x90151000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x9015B000 \SystemRoot\System32\drivers\discache.sys
    0x90167000 \SystemRoot\System32\Drivers\dfsc.sys
    0x9017F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x9018D000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x901AE000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x90C0B000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x91120000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x901C0000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x911D7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x9163F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x9168A000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x91699000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x916B8000 \SystemRoot\system32\DRIVERS\netr28.sys
    0x91753000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x9175D000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
    0x917A2000 \SystemRoot\system32\DRIVERS\jmcr.sys
    0x917C1000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x917E7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x91600000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x91618000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x91625000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x91632000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x917EB000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x911E2000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x8FFDB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x911F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x91C32000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x91C54000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x91C6C000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x91C83000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x91C9A000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x91C9C000 \SystemRoot\system32\DRIVERS\ks.sys
    0x91CD0000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x91CDE000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x91D22000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x96205000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x96411000 \SystemRoot\system32\drivers\portcls.sys
    0x96440000 \SystemRoot\system32\drivers\drmk.sys
    0x96459000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x9655F000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x96561000 \SystemRoot\system32\drivers\modem.sys
    0x9656E000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8FE00000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x9657B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x97770000 \SystemRoot\System32\win32k.sys
    0x9658C000 \SystemRoot\System32\drivers\Dxapi.sys
    0x96596000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x965AD000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x965D1000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x979D0000 \SystemRoot\System32\TSDDD.dll
    0x965DC000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x965E7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x91D33000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x91D3A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x91D46000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
    0x91D4F000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x97600000 \SystemRoot\System32\cdd.dll
    0x91D5A000 \SystemRoot\system32\drivers\luafv.sys
    0x91D75000 \SystemRoot\system32\drivers\WudfPf.sys
    0x91D8F000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x91D9F000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x91DE5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x91C00000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x99C18000 \SystemRoot\system32\drivers\HTTP.sys
    0x99C9D000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x99CB6000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x99CC8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x99CEB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x99D26000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x99D59000 \SystemRoot\system32\drivers\peauth.sys
    0x99DF0000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9A200000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9A221000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9A22E000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9A27D000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9A344000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x9A355000 \??\C:\Users\Steven\AppData\Local\Temp\uxryqpob.sys
    0x9A36D000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
    0x9A377000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    0x77210000 \Windows\System32\ntdll.dll
    0x47960000 \Windows\System32\smss.exe
    0x77450000 \Windows\System32\apisetschema.dll
    0x00D80000 \Windows\System32\autochk.exe
    0x77070000 \Windows\System32\setupapi.dll
    0x76F70000 \Windows\System32\wininet.dll
    0x77430000 \Windows\System32\nsi.dll
    0x773E0000 \Windows\System32\gdi32.dll
    0x773C0000 \Windows\System32\sechost.dll
    0x76E10000 \Windows\System32\ole32.dll
    0x76D60000 \Windows\System32\rpcrt4.dll
    0x76CE0000 \Windows\System32\comdlg32.dll
    0x77380000 \Windows\System32\ws2_32.dll
    0x76090000 \Windows\System32\shell32.dll
    0x77370000 \Windows\System32\psapi.dll
    0x75FF0000 \Windows\System32\usp10.dll
    0x77360000 \Windows\System32\lpk.dll
    0x75F90000 \Windows\System32\shlwapi.dll
    0x75EF0000 \Windows\System32\advapi32.dll
    0x75E10000 \Windows\System32\kernel32.dll

    Processes (total 50):
    0 System Idle Process
    4 System
    296 C:\Windows\System32\smss.exe
    432 csrss.exe
    508 C:\Windows\System32\wininit.exe
    520 csrss.exe
    568 C:\Windows\System32\services.exe
    584 C:\Windows\System32\lsass.exe
    592 C:\Windows\System32\lsm.exe
    632 C:\Windows\System32\winlogon.exe
    748 C:\Windows\System32\svchost.exe
    828 C:\Windows\System32\svchost.exe
    928 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    980 C:\Windows\System32\atiesrxx.exe
    1036 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1400 C:\Windows\System32\svchost.exe
    1416 C:\Windows\System32\atieclxx.exe
    1552 C:\Windows\System32\svchost.exe
    1688 C:\Windows\System32\spoolsv.exe
    1720 C:\Windows\System32\svchost.exe
    1816 C:\Windows\System32\svchost.exe
    1852 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    2000 C:\Program Files\CDBurnerXP\NMSAccessU.exe
    108 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1308 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    1920 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2340 C:\Windows\System32\svchost.exe
    2564 C:\Windows\System32\taskhost.exe
    2656 C:\Windows\System32\dwm.exe
    2696 C:\Windows\explorer.exe
    3060 C:\Program Files\Microsoft Security Client\msseces.exe
    3132 C:\Program Files\Windows Sidebar\sidebar.exe
    3540 C:\Windows\System32\SearchIndexer.exe
    3668 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3960 C:\Windows\System32\svchost.exe
    1204 dllhost.exe
    1280 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    4916 C:\Windows\System32\svchost.exe
    2732 WmiPrvSE.exe
    4460 C:\Users\Steven\Downloads\fb3kf5zj.exe
    2956 C:\Windows\System32\audiodg.exe
    5776 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    3604 C:\Program Files\Mozilla Firefox\firefox.exe
    4788 C:\Windows\System32\SearchProtocolHost.exe
    5044 C:\Windows\System32\SearchFilterHost.exe
    4136 dllhost.exe
    4280 dllhost.exe
    2440 C:\Users\Steven\Downloads\MBRCheck(5).exe
    1300 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`00400000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`c3100000 (NTFS)

    PhysicalDrive0 Model Number: <error opening>

    Size Device Name MBR Status
    --------------------------------------------
    ERROR Opening: \\.\PhysicalDrive0 (32)


    Done!
     
    trub,
    #3
  5. 2011/01/06
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    MSE finds nothing.

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Steven at 1:15:15.68 on Thu 01/06/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1746 [GMT -5:00]

    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Steven\Downloads\dds(2).scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://my.yahoo.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "c:\users\steven\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\steven\appdata\roaming\mozilla\firefox\profiles\bms4nseq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\steven\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\steven\appdata\roaming\mozilla\firefox\profiles\bms4nseq.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\users\steven\appdata\roaming\mozilla\firefox\profiles\bms4nseq.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-5-18 119256]
    R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2009-6-19 604672]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-6 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-6 1343400]

    =============== Created Last 30 ================

    2011-01-06 06:07:43 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{3ec64ea2-c4bc-4036-a962-6520149b5ce9}\mpengine.dll
    2011-01-06 04:05:20 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{c839705a-3aba-43b2-8fc5-c6834c042747}\gapaengine.dll
    2011-01-06 04:00:28 -------- d-----w- c:\program files\Microsoft Security Client
    2011-01-06 04:00:16 240008 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-01-02 09:00:31 -------- d-----w- c:\program files\MSXML 4.0
    2011-01-01 02:16:52 -------- d-----w- c:\progra~2\Seagate
    2011-01-01 02:16:06 -------- d-----w- c:\users\steven\appdata\local\Downloaded Installations
    2011-01-01 02:16:01 -------- d-----w- c:\program files\Carbonite
    2011-01-01 02:16:00 -------- d-sh--w- c:\windows\ftpcache
    2011-01-01 02:15:33 -------- d-----w- c:\program files\Seagate
    2011-01-01 02:15:14 -------- d-----w- c:\program files\common files\muvee Technologies
    2010-12-31 22:18:22 -------- d-----w- c:\program files\ESET
    2010-12-31 21:05:55 -------- d-sh--w- C:\$RECYCLE.BIN
    2010-12-31 20:54:47 -------- d-----w- c:\users\steven\appdata\local\temp
    2010-12-31 20:49:07 98816 ----a-w- c:\windows\sed.exe
    2010-12-31 20:49:07 89088 ----a-w- c:\windows\MBR.exe
    2010-12-31 20:49:07 256512 ----a-w- c:\windows\PEV.exe
    2010-12-31 20:49:07 161792 ----a-w- c:\windows\SWREG.exe
    2010-12-31 04:42:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-12-31 04:42:11 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2010-12-15 21:27:02 516096 ----a-w- c:\program files\windows mail\wab.exe
    2010-12-15 21:27:01 2048 ----a-w- c:\windows\system32\tzres.dll

    ==================== Find3M ====================

    2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-19 20:51:33 222080 ----a-w- c:\windows\system32\MpSigStub.exe
    2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
    2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86EF1555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86ef77b0]; MOV EAX, [0x86ef782c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82C3E458] -> \Device\Harddisk0\DR0[0x86ECD170]
    3 CLASSPNP[0x8340459E] -> ntkrnlpa!IofCallDriver[0x82C3E458] -> [0x87207C90]
    \Driver\iaStor[0x86ED2F38] -> IRP_MJ_CREATE -> 0x86EF1555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD3200BEVT-22ZCT0___________________11.01A11#4&12a1b5bb&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 1:15:38.85 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/6/2009 2:51:01 PM
    System Uptime: 1/5/2011 11:09:52 PM (2 hours ago)

    Motherboard: Acer | | Aspire 4730Z
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | uPGA-478 | 2000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 143 GiB total, 91.2 GiB free.
    D: is FIXED (NTFS) - 143 GiB total, 118.045 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP532: 12/31/2010 5:14:18 PM - Windows Update
    RP533: 12/31/2010 6:03:14 PM - Installed Java(TM) 6 Update 23
    RP534: 12/31/2010 9:14:46 PM - Installed muvee Reveal Seagate Edition
    RP535: 12/31/2010 9:16:33 PM - Installed Seagate Manager Installer
    RP536: 12/31/2010 11:10:44 PM - Removed Seagate Manager Installer
    RP537: 12/31/2010 11:12:43 PM - Installed Seagate Manager Installer
    RP538: 1/1/2011 1:20:22 AM - Windows Update
    RP539: 1/1/2011 5:22:07 PM - Windows Update
    RP540: 1/2/2011 1:20:22 AM - Windows Update
    RP541: 1/2/2011 4:00:11 AM - Windows Update
    RP542: 1/2/2011 5:22:06 PM - Windows Update
    RP543: 1/3/2011 1:20:23 AM - Windows Update
    RP544: 1/3/2011 5:21:41 PM - Windows Update
    RP545: 1/4/2011 1:20:25 AM - Windows Update
    RP546: 1/4/2011 4:00:11 AM - Windows Update
    RP547: 1/4/2011 5:22:00 PM - Windows Update
    RP548: 1/5/2011 1:20:27 AM - Windows Update
    RP549: 1/5/2011 5:22:02 PM - Windows Update
    RP550: 1/5/2011 10:49:18 PM - Restore Operation
    RP551: 1/5/2011 10:59:55 PM - Windows Update
    RP552: 1/5/2011 11:28:35 PM - Removed Java(TM) 6 Update 23
    RP553: 1/5/2011 11:29:28 PM - Removed Java(TM) 6 Update 23
    RP554: 1/5/2011 11:30:23 PM - Removed Java(TM) 6 Update 23

    ==== Installed Programs ======================


    Acer Crystal Eye Webcam
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X
    Adobe Shockwave Player 11.5
    AnswerWorks 4.0 Runtime - English
    Apple Application Support
    Apple Software Update
    Canon Easy-WebPrint EX
    Canon MP Navigator EX 3.0
    Canon MP250 series MP Drivers
    Canon MP250 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CDBurnerXP
    D3DX10
    Google Chrome
    Google Earth
    Google Update Helper
    iSEEK AnswerWorks English Runtime
    Java Auto Updater
    Java(TM) 6 Update 23
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    Logitech Harmony Remote Software 7
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Mozilla Firefox (3.6.13)
    MSN Toolbar
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal Seagate Edition
    OGA Notifier 2.0.0048.0
    Picasa 3
    PokerStars
    QuickTime
    Realtek High Definition Audio Driver
    Remote Control USB Driver
    Seagate Manager Installer
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype web features
    Skype™ 4.1
    SopCast 3.2.4
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wohiper
    TurboTax 2009 wrapper
    TurboTax Premier 2007
    TVUPlayer 2.4.9.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin

    ==== Event Viewer Messages From Past Week ========

    12/31/2010 5:15:54 PM, Error: Service Control Manager [7038] - The MsMpSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/31/2010 5:15:54 PM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not start due to a logon failure.
    12/31/2010 4:05:11 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/31/2010 11:11:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
    12/31/2010 11:08:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
    1/6/2011 12:47:02 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    1/6/2011 12:46:02 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The pipe has been ended.
    1/5/2011 11:33:13 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    1/5/2011 11:10:40 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/5/2011 11:10:10 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    1/5/2011 11:10:10 PM, Error: atikmdag [43029] - Display is not active
    1/5/2011 11:08:59 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    1/5/2011 11:02:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    1/5/2011 10:54:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.485.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    1/5/2011 10:53:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.485.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    1/5/2011 10:52:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/5/2011 10:47:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/5/2011 10:37:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/5/2011 10:31:59 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Koobface.gen!E&threatid=2147625899 User: Steven-PC\Steven Name: Worm:Win32/Koobface.gen!E ID: 2147625899 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.3310.0, AS: 1.95.3310.0 Engine Version: 1.1.6402.0
    1/5/2011 10:31:23 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

    ==== End Of File ===========================
     
    trub,
    #4
  6. 2011/01/06
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Hey Broni, just wanted to let you guys know that I have subscribed as promised. Used the Mrs. computer. I just want to thank you and the team for all of your help and guidance. You have a great gang and I am very appreciative of all of your time and energy. You are a bargain at any price!!
    Thanks as always.

    Steven
     
    trub,
    #5
  7. 2011/01/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    You're infected with a rootkit.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  8. 2011/01/06
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    2011/01/06 20:08:05.0715 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2011/01/06 20:08:05.0715 ================================================================================
    2011/01/06 20:08:05.0715 SystemInfo:
    2011/01/06 20:08:05.0715
    2011/01/06 20:08:05.0715 OS Version: 6.1.7600 ServicePack: 0.0
    2011/01/06 20:08:05.0715 Product type: Workstation
    2011/01/06 20:08:05.0715 ComputerName: STEVEN-PC
    2011/01/06 20:08:05.0715 UserName: Steven
    2011/01/06 20:08:05.0715 Windows directory: C:\Windows
    2011/01/06 20:08:05.0715 System windows directory: C:\Windows
    2011/01/06 20:08:05.0715 Processor architecture: Intel x86
    2011/01/06 20:08:05.0715 Number of processors: 2
    2011/01/06 20:08:05.0715 Page size: 0x1000
    2011/01/06 20:08:05.0715 Boot type: Normal boot
    2011/01/06 20:08:05.0715 ================================================================================
    2011/01/06 20:08:06.0292 Initialize success
    2011/01/06 20:08:16.0464 ================================================================================
    2011/01/06 20:08:16.0464 Scan started
    2011/01/06 20:08:16.0464 Mode: Manual;
    2011/01/06 20:08:16.0464 ================================================================================
    2011/01/06 20:08:16.0869 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/01/06 20:08:16.0932 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/01/06 20:08:16.0978 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/01/06 20:08:17.0041 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/01/06 20:08:17.0103 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/01/06 20:08:17.0134 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/01/06 20:08:17.0212 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    2011/01/06 20:08:17.0290 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
    2011/01/06 20:08:17.0353 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    2011/01/06 20:08:17.0400 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2011/01/06 20:08:17.0462 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    2011/01/06 20:08:17.0493 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    2011/01/06 20:08:17.0524 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    2011/01/06 20:08:17.0556 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/01/06 20:08:17.0587 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/01/06 20:08:17.0618 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/01/06 20:08:17.0649 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/01/06 20:08:17.0727 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/01/06 20:08:17.0758 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    2011/01/06 20:08:17.0883 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2011/01/06 20:08:17.0914 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/01/06 20:08:18.0024 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/01/06 20:08:18.0086 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    2011/01/06 20:08:18.0258 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/01/06 20:08:18.0476 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2011/01/06 20:08:18.0554 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/01/06 20:08:18.0601 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2011/01/06 20:08:18.0648 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/01/06 20:08:18.0679 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
    2011/01/06 20:08:18.0710 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/01/06 20:08:18.0757 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/01/06 20:08:18.0788 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2011/01/06 20:08:18.0835 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/01/06 20:08:18.0866 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/01/06 20:08:18.0882 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/01/06 20:08:18.0913 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/01/06 20:08:19.0178 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/01/06 20:08:19.0240 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/01/06 20:08:19.0287 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2011/01/06 20:08:19.0318 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2011/01/06 20:08:19.0412 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/01/06 20:08:19.0443 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/01/06 20:08:28.0881 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/06 20:08:28.0881 ================================================================================
    2011/01/06 20:08:28.0881 Scan finished
    2011/01/06 20:08:28.0881 ================================================================================
    2011/01/06 20:08:28.0897 Detected object count: 1
    2011/01/06 20:08:41.0252 \HardDisk0 - will be cured after reboot
    2011/01/06 20:08:41.0252 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/06 20:08:58.0677 Deinitialize success
     
  9. 2011/01/06
    broni Moderator Malware Analyst
    Good job :)

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2011/01/06
    trub Well-Known Member Thread Starter
    Sorry need a bit of help with the extraction. Have 7zip downloaded to desktop.
    Downloaded the remover.rar to firefox downloads. When I attempt to open it, it wants to know what to open it with. I know it is 7 zip but not sure what file within the 7 zip folder I need.

    Steven
     
  11. 2011/01/06
    trub Well-Known Member Thread Starter
    Hold the phone, I think I have it. Will post soon.
     
  12. 2011/01/06
    broni Moderator Malware Analyst
    Ok :)
     
  13. 2011/01/06
    trub Well-Known Member Thread Starter
    Remover extracted to desktop. The log you have was on the desktop after running remover. Is this correct?
     
  14. 2011/01/06
    trub Well-Known Member Thread Starter
    .\debug.cpp(238) : Debug log started at 07.01.2011 - 01:37:21
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.0
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 32-bit
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x8b5d6000 0x00011000 "\SystemRoot\system32\DRIVERS\vwififlt.sys "
    .\debug.cpp(256) : 0x8b5e7000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys "
    .\debug.cpp(256) : 0x8b217000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys "
    .\debug.cpp(256) : 0x8b1bd000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys "
    .\debug.cpp(256) : 0x8af54000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys "
    .\debug.cpp(256) : 0x9021f000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys "
    .\debug.cpp(256) : 0x8b5f5000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys "
    .\debug.cpp(256) : 0x8b432000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys "
    .\debug.cpp(256) : 0x8b1cd000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys "
    .\debug.cpp(256) : 0x8b1e5000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys "
    .\debug.cpp(256) : 0x8b000000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys "
    .\debug.cpp(256) : 0x8b021000 0x00012000 "\SystemRoot\system32\DRIVERS\intelppm.sys "
    .\debug.cpp(256) : 0x91617000 0x00515000 "\SystemRoot\system32\DRIVERS\atikmdag.sys "
    .\debug.cpp(256) : 0x91b2c000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys "
    .\debug.cpp(256) : 0x8af95000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys "
    .\debug.cpp(256) : 0x91be3000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys "
    .\debug.cpp(256) : 0x90c0c000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS "
    .\debug.cpp(256) : 0x90c57000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys "
    .\debug.cpp(256) : 0x90c66000 0x0001f000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys "
    .\debug.cpp(256) : 0x90c85000 0x0009b000 "\SystemRoot\system32\DRIVERS\netr28.sys "
    .\debug.cpp(256) : 0x90d20000 0x0000a000 "\SystemRoot\system32\DRIVERS\vwifibus.sys "
    .\debug.cpp(256) : 0x90d2a000 0x00045000 "\SystemRoot\system32\DRIVERS\Rt86win7.sys "
    .\debug.cpp(256) : 0x90d6f000 0x0001f000 "\SystemRoot\system32\DRIVERS\jmcr.sys "
    .\debug.cpp(256) : 0x90d8e000 0x00026000 "\SystemRoot\system32\DRIVERS\SCSIPORT.SYS "
    .\debug.cpp(256) : 0x90db4000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys "
    .\debug.cpp(256) : 0x90db8000 0x00018000 "\SystemRoot\system32\DRIVERS\i8042prt.sys "
    .\debug.cpp(256) : 0x90dd0000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys "
    .\debug.cpp(256) : 0x90ddd000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys "
    .\debug.cpp(256) : 0x90dea000 0x00009000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys "
    .\debug.cpp(256) : 0x90df3000 0x0000d000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys "
    .\debug.cpp(256) : 0x91bee000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys "
    .\debug.cpp(256) : 0x8afce000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys "
    .\debug.cpp(256) : 0x90c00000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys "
    .\debug.cpp(256) : 0x8ae00000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys "
    .\debug.cpp(256) : 0x8afe6000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys "
    .\debug.cpp(256) : 0x91600000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys "
    .\debug.cpp(256) : 0x91222000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys "
    .\debug.cpp(256) : 0x91239000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys "
    .\debug.cpp(256) : 0x9123b000 0x00034000 "\SystemRoot\system32\DRIVERS\ks.sys "
    .\debug.cpp(256) : 0x9126f000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys "
    .\debug.cpp(256) : 0x9127d000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys "
    .\debug.cpp(256) : 0x912c1000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS "
    .\debug.cpp(256) : 0x97031000 0x0020c000 "\SystemRoot\system32\drivers\RTKVHDA.sys "
    .\debug.cpp(256) : 0x9723d000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys "
    .\debug.cpp(256) : 0x9726c000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys "
    .\debug.cpp(256) : 0x97285000 0x00106000 "\SystemRoot\system32\DRIVERS\AGRSM.sys "
    .\debug.cpp(256) : 0x9738b000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS "
    .\debug.cpp(256) : 0x9738d000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys "
    .\debug.cpp(256) : 0x9739a000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys "
    .\debug.cpp(256) : 0x912d2000 0x000da000 "\SystemRoot\System32\Drivers\dump_iaStor.sys "
    .\debug.cpp(256) : 0x973a7000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys "
    .\debug.cpp(256) : 0x97830000 0x0024b000 "\SystemRoot\System32\win32k.sys "
    .\debug.cpp(256) : 0x973b8000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys "
    .\debug.cpp(256) : 0x973c2000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys "
    .\debug.cpp(256) : 0x973cd000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys "
    .\debug.cpp(256) : 0x97000000 0x00024000 "\SystemRoot\System32\Drivers\usbvideo.sys "
    .\debug.cpp(256) : 0x97024000 0x0000b000 "\SystemRoot\system32\DRIVERS\hidusb.sys "
    .\debug.cpp(256) : 0x973e4000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS "
    .\debug.cpp(256) : 0x973f7000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS "
    .\debug.cpp(256) : 0x913ac000 0x0000c000 "\SystemRoot\system32\DRIVERS\kbdhid.sys "
    .\debug.cpp(256) : 0x97a90000 0x00009000 "\SystemRoot\System32\TSDDD.dll "
    .\debug.cpp(256) : 0x913b8000 0x00009000 "\SystemRoot\system32\DRIVERS\KMWDFILTER.sys "
    .\debug.cpp(256) : 0x913c1000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouhid.sys "
    .\debug.cpp(256) : 0x97ac0000 0x0001e000 "\SystemRoot\System32\cdd.dll "
    .\debug.cpp(256) : 0x913cc000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys "
    .\debug.cpp(256) : 0x91200000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys "
    .\debug.cpp(256) : 0x913e7000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys "
    .\debug.cpp(256) : 0x90229000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys "
    .\debug.cpp(256) : 0x9026f000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys "
    .\debug.cpp(256) : 0x9027f000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys "
    .\debug.cpp(256) : 0x98c33000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys "
    .\debug.cpp(256) : 0x98cb8000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys "
    .\debug.cpp(256) : 0x98cd1000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys "
    .\debug.cpp(256) : 0x98ce3000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys "
    .\debug.cpp(256) : 0x98d06000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys "
    .\debug.cpp(256) : 0x98d41000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys "
    .\debug.cpp(256) : 0x98d5c000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys "
    .\debug.cpp(256) : 0x98df3000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS "
    .\debug.cpp(256) : 0x98c00000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys "
    .\debug.cpp(256) : 0x98c21000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys "
    .\debug.cpp(256) : 0x90292000 0x0000a000 "\SystemRoot\system32\DRIVERS\MpNWMon.sys "
    .\debug.cpp(256) : 0x9029c000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv2.sys "
    .\debug.cpp(256) : 0x9a631000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys "
    .\debug.cpp(256) : 0x9a682000 0x0000c000 "\SystemRoot\system32\DRIVERS\NisDrvWFP.sys "
    .\debug.cpp(256) : 0x9a6f8000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys "
    .\debug.cpp(256) : 0x77120000 0x0013c000 "\Windows\System32\ntdll.dll "
    .\debug.cpp(256) : 0x47d70000 0x00013000 "\Windows\System32\smss.exe "
    .\debug.cpp(256) : 0x77360000 0x00050000 "\Windows\System32\apisetschema.dll "
    .\debug.cpp(256) : 0x00e30000 0x000a6000 "\Windows\System32\autochk.exe "
    .\debug.cpp(256) : 0x77320000 0x0002a000 "\Windows\System32\imagehlp.dll "
    .\debug.cpp(256) : 0x77270000 0x000a1000 "\Windows\System32\rpcrt4.dll "
    .\debug.cpp(256) : 0x770d0000 0x00045000 "\Windows\System32\Wldap32.dll "
    .\debug.cpp(256) : 0x77030000 0x000a0000 "\Windows\System32\advapi32.dll "
    .\debug.cpp(256) : 0x76fd0000 0x00057000 "\Windows\System32\shlwapi.dll "
    .\debug.cpp(256) : 0x76e90000 0x00135000 "\Windows\System32\urlmon.dll "
    .\debug.cpp(256) : 0x77260000 0x00006000 "\Windows\System32\nsi.dll "
    .\debug.cpp(256) : 0x76e00000 0x0008f000 "\Windows\System32\oleaut32.dll "
    .\debug.cpp(256) : 0x76ca0000 0x0015c000 "\Windows\System32\ole32.dll "
    .\debug.cpp(256) : 0x76c10000 0x00083000 "\Windows\System32\clbcatq.dll "
    .\debug.cpp(256) : 0x76bf0000 0x00019000 "\Windows\System32\sechost.dll "
    .\debug.cpp(256) : 0x76b90000 0x00052000 "\Windows\System32\difxapi.dll "
    .\debug.cpp(256) : 0x76af0000 0x0009d000 "\Windows\System32\usp10.dll "
    .\debug.cpp(256) : 0x76a20000 0x000c9000 "\Windows\System32\user32.dll "
    .\debug.cpp(256) : 0x76a10000 0x00003000 "\Windows\System32\normaliz.dll "
    .\debug.cpp(256) : 0x76910000 0x000f4000 "\Windows\System32\wininet.dll "
    .\debug.cpp(256) : 0x76840000 0x000cc000 "\Windows\System32\msctf.dll "
    .\debug.cpp(256) : 0x76790000 0x000ac000 "\Windows\System32\msvcrt.dll "
    .\debug.cpp(256) : 0x765f0000 0x0019d000 "\Windows\System32\setupapi.dll "
    .\debug.cpp(256) : 0x76570000 0x0007b000 "\Windows\System32\comdlg32.dll "
    .\debug.cpp(256) : 0x76560000 0x0000a000 "\Windows\System32\lpk.dll "
    .\debug.cpp(256) : 0x76360000 0x001fa000 "\Windows\System32\iertutil.dll "
    .\debug.cpp(256) : 0x76350000 0x00005000 "\Windows\System32\psapi.dll "
    .\debug.cpp(256) : 0x76300000 0x0004e000 "\Windows\System32\gdi32.dll "
    .\debug.cpp(256) : 0x756b0000 0x00c49000 "\Windows\System32\shell32.dll "
    .\debug.cpp(256) : 0x75670000 0x00035000 "\Windows\System32\ws2_32.dll "
    .\debug.cpp(256) : 0x75650000 0x0001f000 "\Windows\System32\imm32.dll "
    .\debug.cpp(256) : 0x75570000 0x000d4000 "\Windows\System32\kernel32.dll "
    .\debug.cpp(256) : 0x75520000 0x0004a000 "\Windows\System32\KernelBase.dll "
    .\debug.cpp(256) : 0x75490000 0x00084000 "\Windows\System32\comctl32.dll "
    .\debug.cpp(256) : 0x75470000 0x00012000 "\Windows\System32\devobj.dll "
    .\debug.cpp(256) : 0x75440000 0x00027000 "\Windows\System32\cfgmgr32.dll "
    .\debug.cpp(256) : 0x75410000 0x0002d000 "\Windows\System32\wintrust.dll "
    .\debug.cpp(256) : 0x752f0000 0x0011c000 "\Windows\System32\crypt32.dll "
    .\debug.cpp(256) : 0x752e0000 0x0000c000 "\Windows\System32\msasn1.dll "
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1 "
    .\debug.cpp(400) : Destination "\Device\Video0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3: "
    .\debug.cpp(400) : Destination "\Device\Scsi\JMCR3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\0000003c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice "
    .\debug.cpp(400) : Destination "\Device\WUDFLpcDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NisDrv "
    .\debug.cpp(400) : Destination "\Device\NisDrv "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS "
    .\debug.cpp(400) : Destination "\Device\Ndis "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2 "
    .\debug.cpp(400) : Destination "\Device\Video1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e} "
    .\debug.cpp(400) : Destination "\Device\00000042 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN "
    .\debug.cpp(400) : Destination "\Device\AgileVPN "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000004 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\0000003a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\0000003d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ01#{4afa3d51-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000049 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3 "
    .\debug.cpp(400) : Destination "\Device\Video2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_1A40&PID_0101#5&1e0eef3a&0&3#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-8 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{8fdc5038-cb1d-11de-874d-806e6f6e6963} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice "
    .\debug.cpp(400) : Destination "\Device\WMIAdminDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_197B&DEV_2381&SUBSYS_01401025&REV_00#4&2db8d9cc&0&02E4#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4 "
    .\debug.cpp(400) : Destination "\Device\Video3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04FC&PID_0538&Col01#7&1f2b89cc&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030} "
    .\debug.cpp(400) : Destination "\Device\00000074 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E: "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\0000003b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{8fdc5039-cb1d-11de-874d-806e6f6e6963} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl "
    .\debug.cpp(400) : Destination "\Device\VolMgrControl "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_197B&DEV_2382&SUBSYS_01401025&REV_00#4&2db8d9cc&0&00E4#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4: "
    .\debug.cpp(400) : Destination "\Device\Scsi\JMCR4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{636FF46E-80FE-4314-BC84-DC7749EDE5B4} "
    .\debug.cpp(400) : Destination "\Device\NDMP7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5 "
    .\debug.cpp(400) : Destination "\Device\Video4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1B16#4&1442ee06&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000005c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement "
    .\debug.cpp(400) : Destination "\Device\ProcessManagement "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{24ABF1E4-1A43-4512-B47D-D692F2AB79A0} "
    .\debug.cpp(400) : Destination "\Device\NDMP15 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\00000042 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6 "
    .\debug.cpp(400) : Destination "\Device\Video5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04FC&PID_0538&Col03#7&1f2b89cc&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030} "
    .\debug.cpp(400) : Destination "\Device\00000076 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery "
    .\debug.cpp(400) : Destination "\Device\CompositeBattery "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#SEC4442#5&2313f60b&0&UID256#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8} "
    .\debug.cpp(400) : Destination "\Device\0000006f "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\KMWDFilter "
    .\debug.cpp(400) : Destination "\Device\KMWDFilter "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a} "
    .\debug.cpp(400) : Destination "\Device\0000004e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2936&SUBSYS_01401025&REV_03#3&33fd14ca&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&1442ee06&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\0000005b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun "
    .\debug.cpp(400) : Destination "\Device\TeredoTun "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice "
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000038 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice "
    .\debug.cpp(400) : Destination "\Device\SPDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2929&SUBSYS_01401025&REV_03#3&33fd14ca&0&FA#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&22cc6398&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) :
     
  15. 2011/01/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Disregard....I didn't see your reply.
     
  16. 2011/01/06
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_10250140&REV_1001#4&1b38a22&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000006a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{e849804e-c719-43d8-ac88-96b894c191e2} "
    .\debug.cpp(400) : Destination "\Device\0000004e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1DF0C6CB-A936-4E9C-B16B-0E87429AF748} "
    .\debug.cpp(400) : Destination "\Device\NDMP6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\0000003a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23_-_Pentium(R)_Dual-Core_CPU_______T4200__@_2.00GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0} "
    .\debug.cpp(400) : Destination "\Device\00000047 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global "
    .\debug.cpp(400) : Destination "\GLOBAL?? "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG: "
    .\debug.cpp(400) : Destination "\clfs "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293A&SUBSYS_01401025&REV_03#3&33fd14ca&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1814&DEV_0781&SUBSYS_E002105B&REV_00#4&f4f5901&0&00E1#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#EMA0787#5&2313f60b&0&UID257#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7} "
    .\debug.cpp(400) : Destination "\Device\00000070 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\0000003f "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy10 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy10 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD7 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv "
    .\debug.cpp(400) : Destination "\Device\Secdrv "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_TS-L633A________________AC00____#4&12a1b5bb&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy11 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy11 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_10250140&REV_1001#4&1b38a22&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e} "
    .\debug.cpp(400) : Destination "\Device\0000006a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04FC&PID_0538#6&301a3ae3&0&3#{a5dcbf10-6530-11d2-901f-00c04fb951ed} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-11 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&1442ee06&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000005b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04FC&PID_0538&Col02#7&1f2b89cc&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030} "
    .\debug.cpp(400) : Destination "\Device\00000075 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_10250140&REV_1001#4&1b38a22&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f} "
    .\debug.cpp(400) : Destination "\Device\0000006a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy12 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy12 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000078 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy13 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy13 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy20 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy20 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\0000003d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921} "
    .\debug.cpp(400) : Destination "\Device\NDMP14 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LSISM_xface "
    .\debug.cpp(400) : Destination "\Device\LSISM_xface "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#SEC4442#5&2313f60b&0&UID256#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7} "
    .\debug.cpp(400) : Destination "\Device\0000006f "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip "
    .\debug.cpp(400) : Destination "\Device\nativewifip "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#4&1442ee06&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000051 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy14 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy14 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy21 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy21 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2935&SUBSYS_01401025&REV_03#3&33fd14ca&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\0000003f "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager "
    .\debug.cpp(400) : Destination "\Device\MountPointManager "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy15 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy15 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy22 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy22 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\0000003b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000039 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi "
    .\debug.cpp(400) : Destination "\Device\Nsi "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl "
    .\debug.cpp(400) : Destination "\Device\PartmgrControl "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy16 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy16 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy23 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy23 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp "
    .\debug.cpp(400) : Destination "\Device\WANARP "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_11C1&DEV_1040&SUBSYS_10250140&REV_1002#4&1b38a22&0&0101#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4} "
    .\debug.cpp(400) : Destination "\Device\0000006b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy17 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy17 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy24 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy24 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D6C25177-2BFC-4591-A9C9-436C2BCD861E} "
    .\debug.cpp(400) : Destination "\Device\NDMP5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB} "
    .\debug.cpp(400) : Destination "\Device\NDMP8 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000039 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice "
    .\debug.cpp(400) : Destination "\Device\NXTIPSEC "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy18 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy18 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy25 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy25 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP "
    .\debug.cpp(400) : Destination "\Device\NDMP10 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt "
    .\debug.cpp(400) : Destination "\Device\WwanProt "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev "
    .\debug.cpp(400) : Destination "\Device\WFP "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1814&DEV_0781&SUBSYS_E002105B&REV_00#4&f4f5901&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000042 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#4&1442ee06&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000052 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy19 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy19 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6 "
    .\debug.cpp(400) : Destination "\Device\WANARPV6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0: "
    .\debug.cpp(400) : Destination "\Device\Ide\iaStor0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_197B&DEV_2384&SUBSYS_01401025&REV_00#4&2db8d9cc&0&04E4#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0026 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A103&MI_00#6&2c2b19dd&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\00000072 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC "
    .\debug.cpp(400) : Destination "\Device\ASYNCMAC "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_10250140&REV_1001#4&1b38a22&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000} "
    .\debug.cpp(400) : Destination "\Device\0000006a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f} "
    .\debug.cpp(400) : Destination "\Device\00000077 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000038 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\00000042 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\0000003e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2937&SUBSYS_01401025&REV_03#3&33fd14ca&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1: "
    .\debug.cpp(400) : Destination "\Device\Scsi\JMCR1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH "
    .\debug.cpp(400) : Destination "\Device\NDMP9 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23_-_Pentium(R)_Dual-Core_CPU_______T4200__@_2.00GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0} "
    .\debug.cpp(400) : Destination "\Device\00000048 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&14f3f5e0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_10250140&REV_1001#4&1b38a22&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000006a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd "
    .\debug.cpp(400) : Destination "\Device\AscKmd "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan "
    .\debug.cpp(400) : Destination "\Device\NdisWan "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_01401025&REV_03#3&33fd14ca&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2939&SUBSYS_01401025&REV_03#3&33fd14ca&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice "
    .\debug.cpp(400) : Destination "\Device\MPS "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl "
    .\debug.cpp(400) : Destination "\Device\VolMgrControl "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293C&SUBSYS_01401025&REV_03#3&33fd14ca&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr "
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04FC&PID_0538&Col01#7&1f2b89cc&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000074 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX "
    .\debug.cpp(400) : Destination "\DosDevices\COM1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT "
    .\debug.cpp(400) : Destination "\Device\MailSlot "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AF9A0355-D22D-44F8-9687-67A610C9D669} "
    .\debug.cpp(400) : Destination "\Device\NDMP4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6 "
    .\debug.cpp(400) : Destination "\Device\NDMP11 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87} "
    .\debug.cpp(400) : Destination "\Device\NDMP12 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&49ed62&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A103&MI_00#6&2c2b19dd&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\00000072 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{8fdc503e-cb1d-11de-874d-806e6f6e6963} "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT "
    .\debug.cpp(400) : Destination "\Device\00000044 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL "
    .\debug.cpp(400) : Destination "\Device\Null "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2: "
    .\debug.cpp(400) : Destination "\Device\Scsi\JMCR2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000041 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio "
    .\debug.cpp(400) : Destination "\Device\Ndisuio "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv "
    .\debug.cpp(400) : Destination "\Device\SstpDrv "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT "
    .\debug.cpp(400) : Destination " "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000040 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle "
    .\debug.cpp(400) : Destination "\Device\WfpAle "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_10250140&REV_1001#4&1b38a22&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000006a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBA
     
  17. 2011/01/06
    broni

    broni Moderator Malware Analyst

    Disregard.
    I didn't see you're still posting...
     
  18. 2011/01/06
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Sorry, I think this is it (it was too long). Please confirm.
     
  19. 2011/01/06
    broni

    broni Moderator Malware Analyst

    No. It looks incomplete.
    Please, try again.
     
  20. 2011/01/06
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    .\debug.cpp(238) : Debug log started at 07.01.2011 - 01:37:21
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.0
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 32-bit
    .\debug.cpp(256) : 0x91200000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys "
    .\debug.cpp(256) : 0x913e7000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys "
    .\debug.cpp(256) : 0x90229000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys "
    .\debug.cpp(256) : 0x9026f000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys "
    .\debug.cpp(256) : 0x9027f000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys "
    .\debug.cpp(256) : 0x98c33000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys "
    .\debug.cpp(256) : 0x98cb8000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys "
    .\debug.cpp(256) : 0x98cd1000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys "
    .\debug.cpp(256) : 0x98ce3000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys "
    .\debug.cpp(256) : 0x98d06000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys "
    .\debug.cpp(256) : 0x98d41000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys "
    .\debug.cpp(256) : 0x98d5c000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys "
    .\debug.cpp(256) : 0x98df3000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS "
    .\debug.cpp(256) : 0x98c00000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys "
    .\debug.cpp(256) : 0x98c21000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys "
    .\debug.cpp(256) : 0x90292000 0x0000a000 "\SystemRoot\system32\DRIVERS\MpNWMon.sys "
    .\debug.cpp(256) : 0x9029c000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv2.sys "
    .\debug.cpp(256) : 0x9a631000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys "
    .\debug.cpp(256) : 0x9a682000 0x0000c000 "\SystemRoot\system32\DRIVERS\NisDrvWFP.sys "
    .\debug.cpp(256) : 0x9a6f8000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys "
    .\debug.cpp(256) : 0x77120000 0x0013c000 "\Windows\System32\ntdll.dll "
    .\debug.cpp(256) : 0x47d70000 0x00013000 "\Windows\System32\smss.exe "
    .\debug.cpp(256) : 0x77360000 0x00050000 "\Windows\System32\apisetschema.dll "
    .\debug.cpp(256) : 0x00e30000 0x000a6000 "\Windows\System32\autochk.exe "
    .\debug.cpp(256) : 0x77320000 0x0002a000 "\Windows\System32\imagehlp.dll "
    .\debug.cpp(256) : 0x77270000 0x000a1000 "\Windows\System32\rpcrt4.dll "
    .\debug.cpp(256) : 0x770d0000 0x00045000 "\Windows\System32\Wldap32.dll "
    .\debug.cpp(256) : 0x77030000 0x000a0000 "\Windows\System32\advapi32.dll "
    .\debug.cpp(256) : 0x76fd0000 0x00057000 "\Windows\System32\shlwapi.dll "
    .\debug.cpp(256) : 0x76e90000 0x00135000 "\Windows\System32\urlmon.dll "
    .\debug.cpp(256) : 0x77260000 0x00006000 "\Windows\System32\nsi.dll "
    .\debug.cpp(256) : 0x76e00000 0x0008f000 "\Windows\System32\oleaut32.dll "
    .\debug.cpp(256) : 0x76ca0000 0x0015c000 "\Windows\System32\ole32.dll "
    .\debug.cpp(256) : 0x76c10000 0x00083000 "\Windows\System32\clbcatq.dll "
    .\debug.cpp(256) : 0x76bf0000 0x00019000 "\Windows\System32\sechost.dll "
    .\debug.cpp(256) : 0x76b90000 0x00052000 "\Windows\System32\difxapi.dll "
    .\debug.cpp(256) : 0x76af0000 0x0009d000 "\Windows\System32\usp10.dll "
    .\debug.cpp(256) : 0x76a20000 0x000c9000 "\Windows\System32\user32.dll "
    .\debug.cpp(256) : 0x76a10000 0x00003000 "\Windows\System32\normaliz.dll "
    .\debug.cpp(256) : 0x76910000 0x000f4000 "\Windows\System32\wininet.dll "
    .\debug.cpp(256) : 0x76840000 0x000cc000 "\Windows\System32\msctf.dll "
    .\debug.cpp(256) : 0x76790000 0x000ac000 "\Windows\System32\msvcrt.dll "
    .\debug.cpp(256) : 0x765f0000 0x0019d000 "\Windows\System32\setupapi.dll "
    .\debug.cpp(256) : 0x76570000 0x0007b000 "\Windows\System32\comdlg32.dll "
    .\debug.cpp(256) : 0x76560000 0x0000a000 "\Windows\System32\lpk.dll "
    .\debug.cpp(256) : 0x76360000 0x001fa000 "\Windows\System32\iertutil.dll "
    .\debug.cpp(256) : 0x76350000 0x00005000 "\Windows\System32\psapi.dll "
    .\debug.cpp(256) : 0x76300000 0x0004e000 "\Windows\System32\gdi32.dll "
    .\debug.cpp(256) : 0x756b0000 0x00c49000 "\Windows\System32\shell32.dll "
    .\debug.cpp(256) : 0x75670000 0x00035000 "\Windows\System32\ws2_32.dll "
    .\debug.cpp(256) : 0x75650000 0x0001f000 "\Windows\System32\imm32.dll "
    .\debug.cpp(256) : 0x75570000 0x000d4000 "\Windows\System32\kernel32.dll "
    .\debug.cpp(256) : 0x75520000 0x0004a000 "\Windows\System32\KernelBase.dll "
    .\debug.cpp(256) : 0x75490000 0x00084000 "\Windows\System32\comctl32.dll "
    .\debug.cpp(256) : 0x75470000 0x00012000 "\Windows\System32\devobj.dll "
    .\debug.cpp(256) : 0x75440000 0x00027000 "\Windows\System32\cfgmgr32.dll "
    .\debug.cpp(256) : 0x75410000 0x0002d000 "\Windows\System32\wintrust.dll "
    .\debug.cpp(256) : 0x752f0000 0x0011c000 "\Windows\System32\crypt32.dll "
    .\debug.cpp(256) : 0x752e0000 0x0000c000 "\Windows\System32\msasn1.dll "
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
     
  21. 2011/01/06
    trub Lifetime Subscription

    .\debug.cpp(400) : Destination "\Device\0000006f "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip "
    .\debug.cpp(400) : Destination "\Device\nativewifip "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#4&1442ee06&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000051 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy14 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy14 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy21 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy21 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2935&SUBSYS_01401025&REV_03#3&33fd14ca&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\0000003f "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager "
    .\debug.cpp(400) : Destination "\Device\MountPointManager "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy15 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy15 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy22 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy22 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\0000003b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000039 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi "
    .\debug.cpp(400) : Destination "\Device\Nsi "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl "
    .\debug.cpp(400) : Destination "\Device\PartmgrControl "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy16 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy16 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy23 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy23 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp "
    .\debug.cpp(400) : Destination "\Device\WANARP "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_11C1&DEV_1040&SUBSYS_10250140&REV_1002#4&1b38a22&0&0101#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4} "
    .\debug.cpp(400) : Destination "\Device\0000006b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy17 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy17 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy24 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy24 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D6C25177-2BFC-4591-A9C9-436C2BCD861E} "
    .\debug.cpp(400) : Destination "\Device\NDMP5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB} "
    .\debug.cpp(400) : Destination "\Device\NDMP8 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000039 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice "
    .\debug.cpp(400) : Destination "\Device\NXTIPSEC "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy18 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy18 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy25 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy25 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP "
    .\debug.cpp(400) : Destination "\Device\NDMP10 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt "
    .\debug.cpp(400) : Destination "\Device\WwanProt "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev "
    .\debug.cpp(400) : Destination "\Device\WFP "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1814&DEV_0781&SUBSYS_E002105B&REV_00#4&f4f5901&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000042 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#4&1442ee06&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000052 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy19 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy19 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6 "
    .\debug.cpp(400) : Destination "\Device\WANARPV6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0: "
    .\debug.cpp(400) : Destination "\Device\Ide\iaStor0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_197B&DEV_2384&SUBSYS_01401025&REV_00#4&2db8d9cc&0&04E4#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0026 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A103&MI_00#6&2c2b19dd&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\00000072 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC "
    .\debug.cpp(400) : Destination "\Device\ASYNCMAC "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_10250140&REV_1001#4&1b38a22&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000} "
    .\debug.cpp(400) : Destination "\Device\0000006a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f} "
    .\debug.cpp(400) : Destination "\Device\00000077 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000038 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\00000042 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\0000003e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2937&SUBSYS_01401025&REV_03#3&33fd14ca&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1: "
    .\debug.cpp(400) : Destination "\Device\Scsi\JMCR1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH "
    .\debug.cpp(400) : Destination "\Device\NDMP9 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23_-_Pentium(R)_Dual-Core_CPU_______T4200__@_2.00GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0} "
    .\debug.cpp(400) : Destination "\Device\00000048 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&14f3f5e0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_10250140&REV_1001#4&1b38a22&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000006a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd "
    .\debug.cpp(400) : Destination "\Device\AscKmd "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan "
    .\debug.cpp(400) : Destination "\Device\NdisWan "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_01401025&REV_03#3&33fd14ca&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2939&SUBSYS_01401025&REV_03#3&33fd14ca&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice "
    .\debug.cpp(400) : Destination "\Device\MPS "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl "
    .\debug.cpp(400) : Destination "\Device\VolMgrControl "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293C&SUBSYS_01401025&REV_03#3&33fd14ca&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr "
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04FC&PID_0538&Col01#7&1f2b89cc&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000074 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX "
    .\debug.cpp(400) : Destination "\DosDevices\COM1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT "
    .\debug.cpp(400) : Destination "\Device\MailSlot "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AF9A0355-D22D-44F8-9687-67A610C9D669} "
    .\debug.cpp(400) : Destination "\Device\NDMP4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6 "
    .\debug.cpp(400) : Destination "\Device\NDMP11 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87} "
    .\debug.cpp(400) : Destination "\Device\NDMP12 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&49ed62&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A103&MI_00#6&2c2b19dd&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\00000072 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{8fdc503e-cb1d-11de-874d-806e6f6e6963} "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT "
    .\debug.cpp(400) : Destination "\Device\00000044 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL "
    .\debug.cpp(400) : Destination "\Device\Null "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2: "
    .\debug.cpp(400) : Destination "\Device\Scsi\JMCR2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000041 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio "
    .\debug.cpp(400) : Destination "\Device\Ndisuio "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv "
    .\debug.cpp(400) : Destination "\Device\SstpDrv "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT "
    .\debug.cpp(400) : Destination " "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000040 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle "
    .\debug.cpp(400) : Destination "\Device\WfpAle "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_10250140&REV_1001#4&1b38a22&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000006a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_197B&DEV_2383&SUBSYS_01401025&REV_00#4&2db8d9cc&0&03E4#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0025 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&77827b2&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\0000003c "
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(673) : main(): CreateFile() ERROR 5
    .\boot_cleaner.cpp(674) : ERROR: Can't open volume device \\.\C:
    .\boot_cleaner.cpp(1151) : Done;
     
