
Solved Pop up Re. Control Messages

Discussion in 'Malware and Virus Removal Archive' started by mindplayer45, 2011/05/13.

  1. 2011/05/13
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    [Resolved] Pop up Re. Control Messages

    Hi guys/gals, got this while trying to download Malwarebytes to my wife's laptop.

    "The name of your file to run "
    The service cannot accept control messages at this time.

    She has had this for a week or so and it is really frustrating. Can you help?
     
  2. 2011/05/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Does it happen only when you try to download MBAM?
    Download, or run it?
     


  4. 2011/05/14
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Whenever I try to open programs I have downloaded, such as Malwarebytes. I had to download on my desktop then save to USB then put it onto the laptop and install and run it via Safe Mode.
     
  5. 2011/05/14
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Here is the Malwarebytes log, I have just done a quick scan.
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5363

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 7.0.6002.18005

    14/05/2011 3:59:01 PM
    mbam-log-2011-05-14 (15-59-01).txt

    Scan type: Quick scan
    Objects scanned: 145458
    Time elapsed: 2 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (Adware.WidgiToolbar) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (Adware.WidgiToolbar) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\iobit toolbar\IE\4.4\iobittoolbarie.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
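
A sketch for cross-checking a pasted Malwarebytes log like the one in the post above (an added example, not part of the original thread and not Malwarebytes' own tooling). It compares the per-section summary counts with the itemised detections, which exposes a truncated paste, and lists items whose final status differs from the success string seen here. The function names are hypothetical, and treating any other status text as needing follow-up is an assumption.

```python
import re
from collections import Counter

# Abridged copy of the log posted above (banner, scan statistics and empty
# sections dropped); the detection lines are unchanged.
SAMPLE_LOG = r"""
Memory Processes Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (Adware.WidgiToolbar) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (Adware.WidgiToolbar) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.

Files Infected:
c:\program files\iobit toolbar\IE\4.4\iobittoolbarie.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
"""

# "Registry Keys Infected: 4" is a summary line; "Registry Keys Infected:" opens a section.
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected: (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")
# "<target> (<threat name>) -> [Value: ... -> ]<final status>."
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
SUCCESS = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (declared, items): summary counts per section and itemised detections."""
    declared, items, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            declared[m["section"]] = int(m["count"])
            current = None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m["section"]
            continue
        if current is None or line == "(No malicious items detected)":
            continue
        m = ITEM_RE.match(line)
        if m:
            # The final status is whatever follows the last " -> ".
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            items.append({"section": current, "target": m["target"],
                          "threat": m["threat"], "action": action})
    return declared, items


def reconcile(declared, items):
    """Sections whose declared count differs from the itemised count: {section: (declared, listed)}."""
    listed = Counter(i["section"] for i in items)
    return {s: (n, listed.get(s, 0)) for s, n in declared.items() if n != listed.get(s, 0)}


def needs_followup(items):
    """Items whose final status is not the success string (assumption: anything else needs a second look)."""
    return [i for i in items if i["action"] != SUCCESS]


def threat_summary(items):
    """Count detections per threat name."""
    return Counter(i["threat"] for i in items)


if __name__ == "__main__":
    declared, items = parse_mbam_log(SAMPLE_LOG)
    print("detections by threat:", dict(threat_summary(items)))
    print("count mismatches:", reconcile(declared, items))
    print("needs follow-up:", [i["target"] for i in needs_followup(items)])
```
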
     
  6. 2011/05/14
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Host Process for Windows Services keeps stopping and I can't do anything with the laptop in normal mode because of the above and it takes so long for any operation to complete.
     
  7. 2011/05/14
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2011/05/14
    mindplayer45

    mindplayer45 Inactive Thread Starter

    I have run ComboFix 4 times, but still can't get a txt file from it. The first time I ran it in normal mode it came up with a blue box (similar to a DOS box) with C:\Administrator
    'SWREG' is not recognised as an internal or external command, operable program or batch file". I closed this and moved to Safe Mode. Safe Mode ran, then ComboFix advised of an infection in the MBR, then another box saying it had located Rootkit activity and needed to reboot, so it did. Into normal mode, with nothing happening. I tried twice more in Normal mode successfully, including a ComboFix update. Both times advised of an infection in the MBR and having to reboot due to locating Rootkit activity. But still no text file of the ComboFix findings or activity. What next?
     
  9. 2011/05/14
    broni

    broni Moderator Malware Analyst

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  10. 2011/05/14
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Can I do this in Safe Mode? In normal mode it gives the "control message" popup.
     
  11. 2011/05/14
    broni

    broni Moderator Malware Analyst

    What is the exact message?
     
  12. 2011/05/14
    mindplayer45

    mindplayer45 Inactive Thread Starter

    I have it working in normal mode, but cannot copy what is on the screen so I am going to have to write it here, it is not long.
    Bootkit Remover
    <c> 2009 E Sage Lab
    www.esagelab.com
    Program Version 1.2.0.0
    OS Version Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002, 32 bit)
    System Volume is \\.\C:
    main<> create file<> Error 5 Error can't open volume device \\.\C:
     
  13. 2011/05/14
    mindplayer45

    mindplayer45 Inactive Thread Starter

    I have found the rest of the log, sending shortly.
     
  14. 2011/05/14
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Not sure I can get all of the log on here so will send in two:

    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink
    "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0} "
    .\debug.cpp(400) : Destination "\Device\00000046 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink
    "\GLOBAL??\PCI#VEN_8086&DEV_2935&SUBSYS_FF661179&REV_03#3&21436425&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC "
    .\debug.cpp(400) : Destination "\Device\Mup "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched "
    .\debug.cpp(400) : Destination "\Device\Psched "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink
    "\GLOBAL??\USB#ROOT_HUB#4&3363b53f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink
    "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000003e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SmartDefragDevice "
    .\debug.cpp(400) : Destination "\Device\SmartDefragDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink
    "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000049 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg "
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp "
    .\debug.cpp(400) : Destination "\Device\Tcp "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink
    "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_FF661179&REV_03#3&21436425&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tvaldx "
    .\debug.cpp(400) : Destination "\Device\TVALZ "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink
    "\GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\0000004e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPFILTERDRIVER "
    .\debug.cpp(400) : Destination "\Device\IPFILTERDRIVER "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink
    "\GLOBAL??\ACPI#PNP0303#4&7989e7a&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000056 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD "
    .\debug.cpp(400) : Destination "\Device\0000006a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink
    "\GLOBAL??\{8B085B79-8D8D-489E-8BFE-08BCA6601261} "
    .\debug.cpp(400) : Destination "\Device\NDMP1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0 "
    .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer "
    .\debug.cpp(400) : Destination "\Device\ConexantDiagnosticsServer "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN "
    .\debug.cpp(400) : Destination "\DosDevices\LPT1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink
    "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000003e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink
    "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000003e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink
    "\GLOBAL??\PCI#VEN_8086&DEV_2938&SUBSYS_FF661179&REV_03#3&21436425&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink
    "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink
    "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f} "
    .\debug.cpp(400) : Destination "\Device\00000041 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1 "
    .\debug.cpp(400) : Destination "\Device\Harddisk1\DR1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0 "
     
  15. 2011/05/14
    mindplayer45
    Second half
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(673) : main(): CreateFile() ERROR 5
    .\boot_cleaner.cpp(674) : ERROR: Can't open volume device \\.\C:
    .\boot_cleaner.cpp(1151) : Done;
     
  16. 2011/05/14
    broni
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  17. 2011/05/14
    mindplayer45
    Hi Broni
    Can I do TDSSKiller in Safe Mode? I am getting the popup...
    C:\Users etc etc etc
    "The service cannot accept control messages at this time".
     
  18. 2011/05/14
    broni
    Go ahead...
     
  19. 2011/05/14
    mindplayer45
    Hi Broni
    Can I do this one in Safe Mode, as I keep getting the pop up...
    C:\Users etc etc etc
    "The service cannot accept control messages at this time"
     
  20. 2011/05/14
    broni
    I said yes...LOL :)
     
  21. 2011/05/14
    mindplayer45
    Here we go...
    2011/05/15 11:49:24.0208 1684 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
    2011/05/15 11:49:24.0271 1684 ================================================================================
    2011/05/15 11:49:24.0271 1684 SystemInfo:
    2011/05/15 11:49:24.0271 1684
    2011/05/15 11:49:24.0271 1684 OS Version: 6.0.6002 ServicePack: 2.0
    2011/05/15 11:49:24.0271 1684 Product type: Workstation
    2011/05/15 11:49:24.0271 1684 ComputerName: JBPARRAWEST-PC
    2011/05/15 11:49:24.0271 1684 UserName: Joydy Miller
    2011/05/15 11:49:24.0271 1684 Windows directory: C:\Windows
    2011/05/15 11:49:24.0271 1684 System windows directory: C:\Windows
    2011/05/15 11:49:24.0271 1684 Processor architecture: Intel x86
    2011/05/15 11:49:24.0271 1684 Number of processors: 1
    2011/05/15 11:49:24.0271 1684 Page size: 0x1000
    2011/05/15 11:49:24.0271 1684 Boot type: Safe boot
    2011/05/15 11:49:24.0271 1684 ================================================================================
    2011/05/15 11:49:25.0020 1684 Initialize success
    2011/05/15 11:49:29.0356 1720 ================================================================================
    2011/05/15 11:49:29.0356 1720 Scan started
    2011/05/15 11:49:29.0356 1720 Mode: Manual;
    2011/05/15 11:49:29.0356 1720 ================================================================================
    2011/05/15 11:50:02.0694 1720 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/05/15 11:50:02.0787 1720
    ================================================================================
    2011/05/15 11:50:02.0787 1720 Scan finished
    2011/05/15 11:50:02.0787 1720
    ================================================================================
    2011/05/15 11:50:02.0818 1712 Detected object count: 1
    2011/05/15 11:50:16.0702 1712 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/05/15 11:50:16.0702 1712 \HardDisk1 - ok
    2011/05/15 11:50:16.0702 1712 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
    2011/05/15 11:50:40.0368 1680 Deinitialize success
     
