
Inactive Backdoors and PWS.Fignotok. BSOD when trying to remove the files

Discussion in 'Malware and Virus Removal Archive' started by impedrolee, 2011/03/14.

Thread Status:
Not open for further replies.
  1. 2011/03/14
    impedrolee

    impedrolee Inactive Thread Starter

    Joined:
    2011/03/14
    Messages:
    19
    Likes Received:
    0
    [Inactive] Backdoors and PWS.Fignotok. BSOD when trying to remove the files

    Hi, I recently noticed that there were some strange processes running in Task Manager and found out that my computer is indeed infected. There were a lot of weird 242kb exe files, and today on MBAM after a scan I found out I get a BSOD every time I try to remove the files. I also can't run Safe Mode because when I do it says Video Mode not Supported, but here's the log I got from MBAM.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6058

    Windows 6.1.7600
    Internet Explorer 9.0.8080.16413

    3/14/2011 9:37:56 PM
    mbam-log-2011-03-14 (21-37-49).txt

    Scan type: Quick scan
    Objects scanned: 170616
    Time elapsed: 4 minute(s), 27 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 7
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 13

    Memory Processes Infected:
    c:\Users\user1\AppData\Roaming\svchost.exe (PWS.Fignotok) -> 2672 -> No action taken.
    c:\Users\user1\AppData\Roaming\lsass.exe (Trojan.Agent) -> 2008 -> No action taken.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{6ABEFCA3-DF5D-CEFB-F3BC-BAB76E7EE12D} (PWS.Fignotok) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6ABEFCA3-DF5D-CEFB-F3BC-BAB76E7EE12D} (PWS.Fignotok) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{6ABEFCA3-DF5D-CEFB-F3BC-BAB76E7EE12D} (PWS.Fignotok) -> No action taken.
    HKEY_CURRENT_USER\Software\victim (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SVC Host (PWS.Fignotok) -> Value: SVC Host -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\SVC Host (PWS.Fignotok) -> Value: SVC Host -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SVC Host (PWS.Fignotok) -> Value: SVC Host -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSWUpdate (Trojan.Agent) -> Value: MSWUpdate -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSWUpdate (Trojan.Agent) -> Value: MSWUpdate -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Updater (Backdoor.IRCBot) -> Value: Windows Updater -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\Windows Update System (Trojan.Backdoor) -> Value: Windows Update System -> No action taken.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Bad: ( "C:\Users\user1\AppData\Roaming\lsass.exe ") Good: () -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe "C:\Users\user1\AppData\Roaming\lsass.exe ") Good: (Explorer.exe) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\user1\AppData\Roaming\svchost.exe (PWS.Fignotok) -> No action taken.
    c:\Users\user1\AppData\Roaming\lsass.exe (Trojan.Agent) -> No action taken.
    c:\Users\user1\AppData\Roaming\ctfmon.exe (Heuristics.Shuriken) -> No action taken.
    c:\Users\user1\AppData\Roaming\smss.exe (Trojan.Ransom) -> No action taken.
    c:\Users\user1\AppData\Roaming\winlogon.exe (Heuristics.Shuriken) -> No action taken.
    c:\Users\user1\AppData\Roaming\microsoft\svchosts.exe (Backdoor.Bot) -> No action taken.
    c:\Users\user1\AppData\Local\Temp\15949.exe (Trojan.Ransom) -> No action taken.
    c:\Users\user1\AppData\Local\Temp\4950.exe (Trojan.Agent) -> No action taken.
    c:\Users\user1\local settings\temporary internet files\Content.IE5\LRQPYRVM\server[1].exe (Backdoor.Fynloski) -> No action taken.
    c:\Users\user1\AppData\Roaming\data.dat (Stolen.Data) -> No action taken.
    c:\Users\user1\AppData\Roaming\install\svchost.exe (Backdoor.SpyNet) -> No action taken.
    c:\Windows\System32\install\svchost.exe (Backdoor.SpyNet) -> No action taken.
    c:\Windows\SysWOW64\install\svchost.exe (Backdoor.SpyNet) -> No action taken.
     
  2. 2011/03/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, complete all steps listed here: this post

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
    ============================================================

    Your MBAM log says "No action taken" after each line.
    Re-run it, FIX all issues and post a new log.
     


  4. 2011/03/14
    impedrolee

    impedrolee Inactive Thread Starter

    Joined:
    2011/03/14
    Messages:
    19
    Likes Received:
    0
    This is the GMER Log:
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-03-14 22:51:21
    Windows 6.1.7600
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB6 0x86 0x5F 0xF3 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x33 0x80 0xE2 0x9A ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE5 0x65 0x01 0x01 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB6 0x86 0x5F 0xF3 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x33 0x80 0xE2 0x9A ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE5 0x65 0x01 0x01 ...

    ---- EOF - GMER 1.0.15 ----

    MBRCheck:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: EP35-DS4
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 198):
    0x0301B000 \SystemRoot\system32\ntoskrnl.exe
    0x035F8000 \SystemRoot\system32\hal.dll
    0x00BBC000 \SystemRoot\system32\kdcom.dll
    0x00CB8000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00CFC000 \SystemRoot\system32\PSHED.dll
    0x00D10000 \SystemRoot\system32\CLFS.SYS
    0x00E3B000 \SystemRoot\system32\CI.dll
    0x00EFB000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F9F000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x01012000 \SystemRoot\System32\Drivers\spbg.sys
    0x01146000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x0114F000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x0117E000 \SystemRoot\system32\drivers\ACPI.sys
    0x011D5000 \SystemRoot\system32\drivers\msisadrv.sys
    0x011DF000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x00FAE000 \SystemRoot\system32\drivers\pci.sys
    0x00FE1000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E00000 \SystemRoot\system32\drivers\volmgr.sys
    0x00D6E000 \SystemRoot\System32\drivers\volmgrx.sys
    0x011EC000 \SystemRoot\system32\drivers\pciide.sys
    0x01000000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x00E15000 \SystemRoot\System32\drivers\mountmgr.sys
    0x011F3000 \SystemRoot\system32\drivers\atapi.sys
    0x00DCA000 \SystemRoot\system32\drivers\ataport.SYS
    0x00E2F000 \SystemRoot\system32\drivers\amdxata.sys
    0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00C4C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0120D000
     
  5. 2011/03/14
    impedrolee

    impedrolee Inactive Thread Starter

    Joined:
    2011/03/14
    Messages:
    19
    Likes Received:
    0
    I took no action because every time I try to fix the issues I get a BSOD and my computer restarts. And sorry for the double post, but this is the DDS log:
    e .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by user1 at 22:54:47.79 on Mon 03/14/2011
    Internet Explorer: 9.0.8080.16413 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.877 [GMT -4:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\INCAInternet\nProtect HKP\nphkpsvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Users\user1\AppData\Roaming\svchost.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\vVX1000.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\user1\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Shell=Explorer.exe "C:\Users\user1\AppData\Roaming\lsass.exe "
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Windows Updater] C:\Users\user1\AppData\Roaming\Windows\winuser.exe
    uRun: [SVC Host] C:\Users\user1\AppData\Roaming\svchost.exe
    uRun: [MSWUpdate] "C:\Users\user1\AppData\Roaming\lsass.exe "
    mRun: [SVC Host] C:\Users\user1\AppData\Roaming\svchost.exe
    mRun: [MSWUpdate] "C:\Users\user1\AppData\Roaming\lsass.exe "
    mExplorerRun: [SVC Host] C:\Users\user1\AppData\Roaming\svchost.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: ¾Ã‹Ã…ø¹Ã™ ºÃ¼¸¥°Ã‹»Ã¶(&Q) -
    IE: ??? ????(&Q) - C:\Program Files (x86)\ESTsoft\ALToolbar\ALToolBand_1630.dll/23/SEARCH.HTML
    Trusted Zone: ichotelsgroup.com\secure
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {6ABEFCA3-DF5D-CEFB-F3BC-BAB76E7EE12D} - C:\Users\user1\AppData\Roaming\svchost.exe
    mASetup: {BCD8D95D-D8DC-5DCA-EFF0-4B49DFE5FECE} - C:\Users\user1\AppData\Roaming\dark.exe
    mASetup: {DACFA6CA-EDDA-49BB-E51D-E9D16E46CDCE} - C:\Users\user1\AppData\Roaming\userinits.exe
    mASetup: {E9DCCB7A-5A4C-AD5B-5BDF-ADF11C0BAE7E} - C:\Users\user1\AppData\Roaming\NJHAN2LDGX.exe
    uASetup: {6ABEFCA3-DF5D-CEFB-F3BC-BAB76E7EE12D} - C:\Users\user1\AppData\Roaming\svchost.exe
    uASetup: {BCD8D95D-D8DC-5DCA-EFF0-4B49DFE5FECE} - C:\Users\user1\AppData\Roaming\dark.exe
    uASetup: {DACFA6CA-EDDA-49BB-E51D-E9D16E46CDCE} - C:\Users\user1\AppData\Roaming\userinits.exe
    uASetup: {E9DCCB7A-5A4C-AD5B-5BDF-ADF11C0BAE7E} - C:\Users\user1\AppData\Roaming\NJHAN2LDGX.exe
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    mRun-x64: [VX1000] C:\Windows\vVX1000.exe
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\h0mkxkaf.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - google.com
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - component: C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\h0mkxkaf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
    FF - component: C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\h0mkxkaf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\user1\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-3 203776]
    R2 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2010-3-19 19432]
    R2 HOSTNT;HOSTNT;C:\Windows\System32\drivers\hostnt.sys [2010-4-11 13864]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-14 363344]
    R2 nphkpsvc;nProtect HKPrevent Service;C:\Program Files (x86)\INCAInternet\nProtect HKP\nphkpsvc.exe [2010-1-7 233472]
    R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
    R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-5-21 173352]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-1-14 2250616]
    R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-3 8120320]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-3 289792]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-1-3 116752]
    R3 Grand;SafeNet GrandDog USB Driver;C:\Windows\System32\drivers\GrandUsb.sys [2010-4-11 76968]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-3-14 24152]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-19 136176]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
    S3 WatAdminSvc;WatAdminSvc;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
    S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-4-9 1038088]
    .
    =============== Created Last 30 ================
    .
    2011-03-14 23:34:53 -------- d-----w- C:\Users\user1\AppData\Roaming\Malwarebytes
    2011-03-14 23:34:49 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-14 23:34:49 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-14 23:34:46 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-14 23:34:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-14 23:32:02 -------- d-----w- C:\Users\user1\AppData\Roaming\fag.exe
    2011-03-14 23:31:58 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{ACE6BA2C-35A1-433F-8C09-EEA87702545A}\mpengine.dll
    2011-03-14 22:09:35 81409 ------w- C:\Users\user1\AppData\Roaming\lsass.exe
    2011-03-14 22:07:57 110593 --sh--r- C:\Users\user1\AppData\Roaming\smss.exe
    2011-03-10 23:48:14 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-03-10 21:55:12 -------- d-sh--r- C:\Users\user1\AppData\Roaming\sysanalizer
    2011-03-10 20:39:28 81920 --sh--r- C:\Users\user1\AppData\Roaming\udBiHCHyK.exe
    2011-03-09 23:10:02 723968 ----a-w- C:\Windows\System32\EncDec.dll
    2011-03-09 23:10:01 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2011-03-09 23:10:01 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
    2011-03-09 23:10:01 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2011-03-09 23:10:01 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-03-09 23:10:01 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-03-09 23:10:01 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-03-09 23:10:01 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2011-03-09 23:09:59 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2011-03-09 23:09:59 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2011-03-09 23:09:58 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-03-09 23:09:58 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-03-09 23:09:58 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-03-09 23:09:50 3138048 ----a-w- C:\Windows\System32\mstscax.dll
    2011-03-09 23:09:49 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2011-03-09 23:09:49 1097216 ----a-w- C:\Windows\System32\mstsc.exe
    2011-03-09 23:09:49 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2011-03-08 00:17:09 -------- d-----w- C:\Program Files\iTunes
    2011-03-08 00:17:09 -------- d-----w- C:\Program Files\iPod
    2011-03-08 00:17:09 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-03-08 00:14:14 -------- d-----w- C:\Program Files\Bonjour
    2011-03-08 00:14:14 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-03-05 13:11:46 -------- d-----w- C:\Users\user1\AppData\Roaming\NVIDIA
    2011-03-04 00:37:51 -------- d-----w- C:\Program Files\Microsoft LifeCam
    2011-03-04 00:37:51 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam
    2011-03-04 00:37:25 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
    2011-03-04 00:37:22 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2011-03-03 14:30:21 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2011-03-03 14:30:21 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2011-03-03 14:28:34 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-03-03 14:28:34 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-03-03 14:28:34 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-03-03 14:28:34 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-03-02 01:04:29 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-03-02 01:04:29 -------- d-----w- C:\Windows\System32\Wat
    2011-03-02 00:41:18 -------- d-sh--r- C:\Users\user1\AppData\Roaming\install
    2011-03-01 04:26:39 -------- d-sh--r- C:\Windows\SysWow64\install
    2011-03-01 04:26:38 1228276 ---ha-r- C:\PROGRA~3\test.exe
    2011-03-01 03:28:39 -------- d-----w- C:\PROGRA~3\TeamViewer GmbH
    2011-02-25 23:27:22 413696 ------w- C:\Users\user1\AppData\Roaming\svchost.exe
    2011-02-25 22:33:53 80896 --sh--r- C:\Users\user1\AppData\Roaming\winlogon.exe
    2011-02-25 22:33:53 80896 --sh--r- C:\Users\user1\AppData\Roaming\ctfmon.exe
    2011-02-25 15:28:48 126976 --sha-r- C:\Users\user1\AppData\Roaming\Microsoft\svchosts.exe
    2011-02-24 19:39:57 -------- d-----w- C:\Windows\System32\SPReview
    2011-02-24 19:39:06 -------- d-----w- C:\Windows\System32\EventProviders
    2011-02-24 15:00:10 -------- d-----w- C:\Downloads
    2011-02-24 02:32:03 -------- d-----w- C:\PROGRA~3\Farbs
    2011-02-24 02:31:52 -------- d-----w- C:\Program Files (x86)\ROM CHECK FAIL
    2011-02-18 21:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2011-02-18 21:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2011-02-17 03:28:45 -------- d-----w- C:\Program Files (x86)\AMR to MP3 Converter
    2011-02-17 00:25:31 -------- d-----w- C:\Program Files (x86)\SimPE
    2011-02-16 23:27:35 5510528 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-02-16 23:27:35 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-02-16 23:27:35 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-02-16 23:27:35 1739176 ----a-w- C:\Windows\System32\ntdll.dll
    2011-02-16 23:27:35 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2011-02-16 23:25:59 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2011-02-16 23:25:59 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2011-02-16 23:25:58 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-02-16 23:25:58 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2011-02-16 23:25:58 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-02-16 23:25:58 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
    2011-02-16 23:25:58 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2011-02-16 23:25:58 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2011-02-16 23:25:58 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2011-02-16 23:25:58 144384 ----a-w- C:\Windows\System32\cdd.dll
    2011-02-16 23:25:58 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
    2011-02-16 23:25:02 714752 ----a-w- C:\Windows\System32\kerberos.dll
    2011-02-16 23:25:02 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2011-02-16 23:23:24 3127808 ----a-w- C:\Windows\System32\win32k.sys
    2011-02-16 23:23:23 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-02-16 23:23:23 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-02-16 23:23:23 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-02-16 23:23:23 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-02-16 23:23:23 214016 ----a-w- C:\Windows\System32\winsrv.dll
    2011-02-16 23:09:49 -------- d-----w- C:\Windows\SysWow64\neoncube
    2011-02-16 22:55:49 -------- d-----w- C:\Program Files (x86)\EKRO
    2011-02-14 23:30:12 278016 ----a-w- C:\Windows\SysWow64\aisExif.dll
    2011-02-14 23:30:11 57344 ----a-w- C:\Windows\SysWow64\mp3SpecX4.dll
    2011-02-14 23:30:11 113664 ----a-w- C:\Windows\SysWow64\APIGID32.DLL
    2011-02-14 23:30:10 39424 ----a-w- C:\Windows\SysWow64\rpiAccessProcess.dll
    2011-02-14 23:30:05 231139 ----a-w- C:\Windows\SysWow64\BtnPlus1.ocx
    2011-02-14 23:30:03 44752 ----a-w- C:\Windows\SysWow64\FMDROP32.OCX
    2011-02-14 23:30:03 167936 ----a-w- C:\Windows\SysWow64\ccrpftv6.ocx
    2011-02-14 23:29:59 178889 ----a-w- C:\Windows\SysWow64\FraPlus1.ocx
    2011-02-14 23:29:58 76496 ----a-w- C:\Windows\SysWow64\mftp32.ocx
    2011-02-14 23:29:55 212240 ----a-w- C:\Windows\SysWow64\RICHTX32.OCX
    2011-02-14 23:29:54 65536 ----a-w- C:\Windows\SysWow64\sblist.ocx
    2011-02-14 23:29:51 224016 ----a-w- C:\Windows\SysWow64\TABCTL32.OCX
    2011-02-14 23:29:49 129024 ----a-w- C:\Windows\SysWow64\vdgt.ocx
    2011-02-14 23:28:48 -------- d-----w- C:\Program Files (x86)\Creative Element Power Tools
    2011-02-14 02:52:11 -------- d-----w- C:\Users\user1\AppData\Roaming\DVDVideoSoft
    .
    ==================== Find3M ====================
    .
    2011-03-02 01:04:49 419840 ----a-w- C:\Windows\System32\systemcpl.dll
    2011-03-02 01:04:49 14848 ----a-w- C:\Windows\System32\slwga.dll
    2011-03-02 01:04:49 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
    2011-03-02 00:15:17 152064 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-03-02 00:15:16 175104 ----a-w- C:\Windows\System32\msclmd.dll
    2011-02-03 02:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-02-02 22:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-01-10 01:52:19 21832 ----a-w- C:\Windows\System32\drivers\hamachi.sys
    2011-01-04 01:03:29 21610496 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-01-04 01:02:20 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-01-04 01:01:39 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-01-04 01:01:39 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-01-04 01:01:38 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-01-04 01:00:41 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-01-04 01:00:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-01-04 01:00:19 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-01-04 01:00:17 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-01-04 01:00:04 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-01-04 01:00:04 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-01-04 00:59:09 648704 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-01-04 00:58:59 4794368 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-01-04 00:58:57 53760 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-01-04 00:58:57 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-01-04 00:58:51 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-01-04 00:58:29 351232 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-01-04 00:58:13 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-01-04 00:58:07 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-01-04 00:58:02 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-01-04 00:58:01 8120320 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-01-04 00:57:56 4066816 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-01-04 00:57:56 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-01-04 00:57:51 3217408 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-01-04 00:57:39 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-01-04 00:57:27 5441024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-01-04 00:56:17 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-01-04 00:56:03 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-01-04 00:55:58 289792 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-01-04 00:55:57 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-01-04 00:55:54 4122624 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-01-04 00:55:54 16702976 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-01-04 00:55:52 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-01-04 00:55:41 6815232 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-01-04 00:55:05 31744 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-01-04 00:54:24 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-01-04 00:53:33 478720 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-01-04 00:53:30 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-01-04 00:52:59 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-01-04 00:52:59 16384 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-01-04 00:52:44 5258240 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-01-04 00:52:30 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-01-04 00:52:30 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-01-04 00:52:23 550400 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-01-04 00:52:16 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-01-04 00:52:09 116752 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
    2011-01-04 00:51:46 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
    2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
    2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
    2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
    2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
    2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
    2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
    2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
    2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
    2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
    2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
    2009-06-10 21:23:22 1169224 --sha-r- C:\Windows\SysWOW64\install\svchost.exe
    .
    ============= FINISH: 22:55:24.24 ===============
     
  6. 2011/03/15
    broni

    broni Moderator Malware Analyst

    MBRCheck log is incomplete.
    Please, repost it.

    Attach.txt part of DDS is missing.
     
  7. 2011/03/15
    impedrolee

    impedrolee Inactive Thread Starter

    Here's MBRCheck:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: EP35-DS4
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 199):
    0x03006000 \SystemRoot\system32\ntoskrnl.exe
    0x035E3000 \SystemRoot\system32\hal.dll
    0x00BB2000 \SystemRoot\system32\kdcom.dll
    0x00C22000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00C66000 \SystemRoot\system32\PSHED.dll
    0x00C7A000 \SystemRoot\system32\CLFS.SYS
    0x00CD8000 \SystemRoot\system32\CI.dll
    0x00EA0000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F44000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x0101B000 \SystemRoot\System32\Drivers\spks.sys
    0x0114F000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x01158000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x01187000 \SystemRoot\system32\drivers\ACPI.sys
    0x011DE000 \SystemRoot\system32\drivers\msisadrv.sys
    0x011E8000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x00F53000 \SystemRoot\system32\drivers\pci.sys
    0x01000000 \SystemRoot\System32\drivers\partmgr.sys
    0x00F86000 \SystemRoot\system32\drivers\volmgr.sys
    0x00F9B000 \SystemRoot\System32\drivers\volmgrx.sys
    0x011F5000 \SystemRoot\system32\drivers\pciide.sys
    0x00E00000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x00E10000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00E2A000 \SystemRoot\system32\drivers\atapi.sys
    0x00E33000 \SystemRoot\system32\drivers\ataport.SYS
    0x00E5D000 \SystemRoot\system32\drivers\amdxata.sys
    0x00D98000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00E68000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01254000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01471000 \SystemRoot\System32\Drivers\msrpc.sys
    0x014CF000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x014E9000 \SystemRoot\System32\Drivers\cng.sys
    0x0155C000 \SystemRoot\System32\drivers\pcw.sys
    0x0156D000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0169D000 \SystemRoot\system32\drivers\ndis.sys
    0x0178F000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01801000 \SystemRoot\System32\drivers\tcpip.sys
    0x0162B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01675000 \SystemRoot\system32\drivers\vmstorfl.sys
    0x01577000 \SystemRoot\system32\drivers\volsnap.sys
    0x01685000 \SystemRoot\System32\Drivers\spldr.sys
    0x015C3000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01400000 \SystemRoot\System32\Drivers\mup.sys
    0x0168D000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01412000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x0144C000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x03C82000 \SystemRoot\system32\drivers\cdrom.sys
    0x03CAC000 \SystemRoot\System32\Drivers\Null.SYS
    0x03CB5000 \SystemRoot\System32\Drivers\Beep.SYS
    0x03CBC000 \SystemRoot\System32\drivers\vga.sys
    0x03CCA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x03CEF000 \SystemRoot\System32\drivers\watchdog.sys
    0x03CFF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x03D08000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x03D11000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x03D1A000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x03D25000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x03D36000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x03D54000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03D61000 \SystemRoot\system32\drivers\afd.sys
    0x03C00000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03C45000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03C4E000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x00E7C000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x03DEB000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x00C00000 \SystemRoot\system32\DRIVERS\serial.sys
    0x00DE4000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03A01000 \SystemRoot\system32\drivers\termdd.sys
    0x03A15000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x03A2F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03A80000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03A8C000 \SystemRoot\system32\drivers\mssmbios.sys
    0x03A97000 \SystemRoot\System32\drivers\discache.sys
    0x03AA6000 \SystemRoot\system32\drivers\csc.sys
    0x03B29000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03B47000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03B58000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03B7E000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x03B94000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x0488F000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x050A0000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x05194000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x051DA000 \SystemRoot\system32\drivers\HDAudBus.sys
    0x04800000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x0480D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x04863000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x04874000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x04074000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x040CA000 \SystemRoot\system32\drivers\1394ohci.sys
    0x04108000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x04114000 \SystemRoot\system32\DRIVERS\parport.sys
    0x04131000 \SystemRoot\system32\drivers\i8042prt.sys
    0x0414F000 \SystemRoot\system32\drivers\kbdclass.sys
    0x0415E000 \SystemRoot\System32\Drivers\aj4mcrpu.SYS
    0x041A0000 \SystemRoot\system32\drivers\CompositeBus.sys
    0x041B0000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x041B8000 \SystemRoot\system32\drivers\modem.sys
    0x041C7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x04000000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x04024000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04030000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x041DD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x03EE3000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03F04000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x03F1E000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
    0x03F26000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x03F31000 \SystemRoot\system32\drivers\mouclass.sys
    0x03F40000 \SystemRoot\system32\drivers\swenum.sys
    0x03F42000 \SystemRoot\system32\drivers\ks.sys
    0x03F85000 \SystemRoot\system32\drivers\umbus.sys
    0x03F97000 \SystemRoot\system32\drivers\usbhub.sys
    0x03E00000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x03E15000 \SystemRoot\system32\drivers\AtihdW76.sys
    0x03E35000 \SystemRoot\system32\drivers\portcls.sys
    0x03E72000 \SystemRoot\system32\drivers\drmk.sys
    0x03E94000 \SystemRoot\system32\drivers\ksthunk.sys
    0x04279000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x0449B000 \SystemRoot\system32\drivers\hidusb.sys
    0x044A9000 \SystemRoot\system32\drivers\HIDCLASS.SYS
    0x044C2000 \SystemRoot\system32\drivers\HIDPARSE.SYS
    0x044CB000 \SystemRoot\system32\drivers\USBD.SYS
    0x044CD000 \SystemRoot\system32\DRIVERS\GrandUsb.sys
    0x044DF000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x044EC000 \SystemRoot\system32\DRIVERS\point64.sys
    0x00000000 \SystemRoot\System32\win32k.sys
    0x044FC000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04508000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x005B0000 \SystemRoot\System32\TSDDD.dll
    0x00830000 \SystemRoot\System32\ATMFD.DLL
    0x00620000 \SystemRoot\System32\cdd.dll
    0x04516000 \SystemRoot\system32\drivers\luafv.sys
    0x04539000 \SystemRoot\system32\drivers\WudfPf.sys
    0x0455A000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x045AE000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x045BC000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x045C8000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x045D1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x045E4000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x04200000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x04253000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x03E9A000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0280E000 \SystemRoot\system32\drivers\HTTP.sys
    0x028D6000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x028F4000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0290C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x02939000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x02987000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x029AA000 \SystemRoot\System32\Drivers\adfs.SYS
    0x029C2000 \??\C:\Windows\system32\drivers\cpuz132_x64.sys
    0x029CA000 \??\C:\Windows\system32\drivers\hostnt.sys
    0x04622000 \SystemRoot\system32\drivers\peauth.sys
    0x046C8000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x046D3000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x04700000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x04712000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x05E17000 \SystemRoot\System32\DRIVERS\srv.sys
    0x05EAD000 \??\C:\Windows\system32\drivers\mbam.sys
    0x05EB7000 \SystemRoot\system32\drivers\spsys.sys
    0x771A0000 \Windows\System32\ntdll.dll
    0x48130000 \Windows\System32\smss.exe
    0xFF4C0000 \Windows\System32\apisetschema.dll
    0xFF7E0000 \Windows\System32\autochk.exe
    0xFF430000 \Windows\System32\shlwapi.dll
    0x77050000 \Windows\System32\urlmon.dll
    0x76F30000 \Windows\System32\kernel32.dll
    0xFF410000 \Windows\System32\imagehlp.dll
    0xFF3C0000 \Windows\System32\ws2_32.dll
    0xFF3B0000 \Windows\System32\nsi.dll
    0xFF360000 \Windows\System32\Wldap32.dll
    0xFF290000 \Windows\System32\usp10.dll
    0xFF080000 \Windows\System32\ole32.dll
    0xFF000000 \Windows\System32\difxapi.dll
    0xFEF60000 \Windows\System32\clbcatq.dll
    0xFEF40000 \Windows\System32\sechost.dll
    0xFEE30000 \Windows\System32\msctf.dll
    0xFED90000 \Windows\System32\comdlg32.dll
    0x76DD0000 \Windows\System32\wininet.dll
    0xFECF0000 \Windows\System32\msvcrt.dll
    0x76CD0000 \Windows\System32\user32.dll
    0xFEBC0000 \Windows\System32\rpcrt4.dll
    0xFEB50000 \Windows\System32\gdi32.dll
    0x77370000 \Windows\System32\normaliz.dll
    0x77360000 \Windows\System32\psapi.dll
    0xFEA70000 \Windows\System32\oleaut32.dll
    0xFEA40000 \Windows\System32\imm32.dll
    0x76AC0000 \Windows\System32\iertutil.dll
    0xFE960000 \Windows\System32\advapi32.dll
    0xFE950000 \Windows\System32\lpk.dll
    0xFDBC0000 \Windows\System32\shell32.dll
    0xFD9E0000 \Windows\System32\setupapi.dll
    0xFD9C0000 \Windows\System32\devobj.dll
    0xFD980000 \Windows\System32\cfgmgr32.dll
    0xFD910000 \Windows\System32\KernelBase.dll
    0xFD7A0000 \Windows\System32\crypt32.dll
    0xFD760000 \Windows\System32\wintrust.dll
    0xFD6C0000 \Windows\System32\comctl32.dll
    0xFD6B0000 \Windows\System32\msasn1.dll
    0x75AC0000 \Windows\SysWOW64\normaliz.dll

    Processes (total 64):
    0 System Idle Process
    4 System
    360 C:\Windows\System32\smss.exe
    484 csrss.exe
    556 C:\Windows\System32\wininit.exe
    568 csrss.exe
    616 C:\Windows\System32\services.exe
    648 C:\Windows\System32\winlogon.exe
    668 C:\Windows\System32\lsass.exe
    676 C:\Windows\System32\lsm.exe
    800 C:\Windows\System32\svchost.exe
    880 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\atiesrxx.exe
    1000 C:\Windows\System32\svchost.exe
    380 C:\Windows\System32\svchost.exe
    468 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\svchost.exe
    1204 C:\Windows\System32\svchost.exe
    1260 C:\Windows\System32\atieclxx.exe
    1436 C:\Windows\System32\spoolsv.exe
    1464 C:\Windows\System32\svchost.exe
    1564 C:\Windows\SysWOW64\svchost.exe
    1620 C:\Windows\SysWOW64\svchost.exe
    1688 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    1740 C:\Windows\System32\svchost.exe
    1800 C:\Program Files (x86)\INCAInternet\nProtect HKP\nphkpsvc.exe
    1888 C:\Windows\System32\svchost.exe
    1908 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1988 C:\Windows\System32\taskhost.exe
    1164 C:\Windows\System32\dwm.exe
    1644 C:\Windows\explorer.exe
    2188 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    2208 C:\Windows\System32\svchost.exe
    2276 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    2300 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    2344 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    2436 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    2444 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2452 C:\Program Files\Java\jre6\bin\jusched.exe
    2460 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    2468 C:\Windows\vVX1000.exe
    2512 svchost.exe
    2548 C:\Program Files\Windows Sidebar\sidebar.exe
    2888 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2668 C:\Windows\System32\svchost.exe
    2588 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    2684 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3088 C:\Users\user1\AppData\Roaming\lsass.exe
    3184 C:\Windows\System32\SearchIndexer.exe
    3292 C:\Windows\System32\svchost.exe
    3960 WmiPrvSE.exe
    2112 C:\Windows\System32\svchost.exe
    3024 C:\Program Files\Windows Media Player\wmpnetwk.exe
    464 dllhost.exe
    3760 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    1876 C:\Windows\System32\svchost.exe
    1356 C:\Windows\System32\sppsvc.exe
    2632 C:\Windows\System32\wuauclt.exe
    3460 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3780 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    548 C:\Windows\System32\audiodg.exe
    2768 C:\Users\user1\Downloads\MBRCheck.exe
    2844 C:\Windows\System32\conhost.exe
    2860 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: <error opening>

    Size Device Name MBR Status
    --------------------------------------------
    ERROR Opening: \\.\PhysicalDrive0 (32)


    Done!
     
  8. 2011/03/15
    impedrolee

    impedrolee Inactive Thread Starter

    And this is the attach log:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/18/2010 6:01:15 AM
    System Uptime: 3/15/2011 8:04:04 AM (1 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | EP35-DS4
    Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | Socket 775 | 3125/250mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 234 GiB total, 65.794 GiB free.
    D: is CDROM (UDF)
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi
    .
    ==== System Restore Points ===================
    .
    RP164: 3/10/2011 5:39:11 PM - Removed Windows Internet Explorer Platform Preview
    RP165: 3/10/2011 6:20:43 PM - Installed ESET NOD32 Antivirus
    RP166: 3/10/2011 6:47:30 PM - Installed HiJackThis
    RP167: 3/10/2011 7:15:38 PM - Windows Update
    RP168: 3/14/2011 7:30:58 PM - Windows Update
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.avast.com
    Hosts: 127.0.0.1 www.avira.com
    Hosts: 127.0.0.1 www.Symantec.com
    Hosts: 127.0.0.1 www.pandasecurity.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.avg.com
    Hosts: 127.0.0.1 www.f-secure.com
    Hosts: 127.0.0.1 www.grisoft.com
    Hosts: 127.0.0.1 www.kaspersky.com
    Hosts: 127.0.0.1 www.mcafee.com
    Hosts: 127.0.0.1 www.sophos.com
    Hosts: 127.0.0.1 www.symantec.com
    Hosts: 127.0.0.1 www.trendmicro.com
    Hosts: 127.0.0.1 www.viruslist.com
    Hosts: 127.0.0.1 www.microsoft.com
    Hosts: 127.0.0.1 www.virustotal.com
    .
    ==== Installed Programs ======================
    .
    À§µÃ°½ºÃ…© ActiveX
    ¾Ã‹¾¾
    ¾Ã‹¼Ã›
    ¾Ã‹¼Ã®
    ¾Ã‹Ã†Ã½º
    ¾Ã‹Ã…ø¹Ã™
    ¾Ã‹Ã…øÃî ¾Ã·µ¥Ã€ÃŒÃ†®
    ¾Ã‹FTP
    µTorrent
    7-Zip 4.65
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.3.3
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AIM 7
    Akamai NetSession Interface
    AMR to MP3 Converter 1.4
    Apple Application Support
    Apple Software Update
    ATI Catalyst Registration
    Audacity 1.3.12 (Unicode)
    BannedStory 3.0
    BlackBerry Desktop Software 5.0.1
    BlackBerry Device Software Updater
    BlackBerry® Media Sync
    BufferChm
    BurnAware Free 2.4.4
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    ccc-core-static
    CCC Help English
    Cheat Engine 5.6.1
    Connect
    Copy
    Counter-Strike: Source
    CyberLink PhotoNow
    Dedicated Server
    Destinations
    DeviceDiscovery
    DiskAid 4.51
    DJ_AIO_05_F4400_Software_Min
    DJMaxTrilogy
    Download Updater (AOL LLC)
    DVD Decrypter (Remove Only)
    EA Download Manager
    EA Download Manager UI
    EVEREST Ultimate Edition v5.30
    Extension Copy (remove only)
    F4400
    Feedback Tool
    Free Audio CD Burner version 1.4
    Free Video to iPod Converter version 4.2.14
    Free YouTube to MP3 Converter version 3.9
    Garena 2010
    GoldWave v5.55
    Google Chrome
    Google Update Helper
    GPBaseService2
    Grand Theft Auto IV
    GrandDog Run Time System V1.0.35
    GTA San Andreas
    Guitar Hero III
    Hamachi 1.0.1.5
    HHD Software Free Hex Editor Neo 4.95
    HiJackThis
    HP Update
    HPPhotoGadget
    hpPrintProjects
    HPProductAssistant
    hpWLPGInstaller
    IsoBuster 2.8
    Java Auto Updater
    Java(TM) 6 Update 24
    Korean Fonts Support For Adobe Reader 9
    kuler
    LAME v3.98.2 for Audacity
    League of Legends
    Left 4 Dead 2
    Malwarebytes' Anti-Malware
    MapleStory
    MarketResearch
    Microsoft Choice Guard
    Microsoft Corporation
    Microsoft Default Manager
    Microsoft DirectX SDK (February 2010)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox (3.6.3)
    MSN Toolbar
    MSN Toolbar Platform
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MySQL Tools for 5.0
    Native Instruments Audio 4 DJ Driver
    Native Instruments Audio 8 DJ Driver
    Native Instruments Service Center
    Native Instruments Traktor
    NBA 2K11
    Nero 8 Essentials
    neroxml
    Nexon Game Manager
    NFS Underground 2 Mega Trainer
    nProtect nGuard
    NVIDIA PhysX
    ooVoo
    Pando Media Booster
    Pcsx2 0.9.6
    PDF Settings CS4
    Photoshop Camera Raw
    PowerISO
    Pro Evolution Soccer 2011
    QuickTime
    Realtek High Definition Audio Driver
    Rockstar Games Social Club
    ROM CHECK FAIL 1.0
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SharpEye 1
    SimPE 0.72 (alpha)
    SmartSound Quicktracks Plugin
    SmartWebPrinting
    SolutionCenter
    Status
    Steam
    StepMania (remove only)
    Suite Shared Configuration CS4
    Switch Sound File Converter
    System Requirements Lab
    TeamViewer 5
    TeamViewer 6
    The Sims 2
    The Sims 2 Nightlife
    Toolbox
    TouchCopy 09
    TrayApp
    TS3 Install Helper Monkey
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2508979)
    VCRedistSetup
    Virtual DJ - Atomix Productions
    VLC media player 1.0.5
    WampServer 2.0
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    WinSCP 4.2.9
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/9/2011 6:31:58 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    3/9/2011 6:31:57 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    3/9/2011 6:30:57 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    3/9/2011 6:29:58 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/9/2011 6:29:58 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/9/2011 6:29:58 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/9/2011 6:29:58 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/9/2011 6:29:58 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/9/2011 6:29:58 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/9/2011 6:29:58 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/9/2011 6:29:58 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/9/2011 6:29:58 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/9/2011 6:29:57 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/9/2011 6:29:57 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/9/2011 6:29:57 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/9/2011 6:29:57 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/9/2011 6:29:57 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/9/2011 6:29:57 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/9/2011 6:29:57 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/9/2011 6:29:57 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/9/2011 6:22:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2508979).
    3/9/2011 6:22:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Windows Malicious Software Removal Tool x64 - March 2011 (KB890830).
    3/9/2011 6:22:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2505438).
    3/9/2011 6:22:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2479943).
    3/15/2011 8:38:42 AM, Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following error: Access is denied.
    3/14/2011 8:40:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80044e2b30, 0xfffffa80044e2e10, 0xfffff800033c42d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-20716-01.
    3/14/2011 8:11:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8004539b30, 0xfffffa8004539e10, 0xfffff800033802d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-19531-01.
    3/14/2011 8:02:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800407db30, 0xfffffa800407de10, 0xfffff800033c52d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-19172-01.
    3/14/2011 12:15:59 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    3/14/2011 12:15:59 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
    3/14/2011 12:15:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    3/14/2011 10:18:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80041b6b30, 0xfffffa80041b6e10, 0xfffff800033cc2d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-22744-01.
    3/11/2011 6:19:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
    3/11/2011 6:19:48 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/11/2011 6:19:48 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/11/2011 6:19:48 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/11/2011 6:19:48 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/11/2011 6:19:48 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/11/2011 6:19:48 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/11/2011 6:19:48 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/11/2011 6:19:48 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/11/2011 6:19:48 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/11/2011 6:19:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2011 7:26:03 PM, Error: Service Control Manager [7031] - The TeamViewer 6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/10/2011 7:24:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD SmartWare Background Service service to connect.
    3/10/2011 7:24:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80041a6b30, 0xfffffa80041a6e10, 0xfffff800033832d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031011-34757-01.
    3/10/2011 6:31:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800419eb30, 0xfffffa800419ee10, 0xfffff8000337c2d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031011-37221-01.
    3/10/2011 5:10:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    3/10/2011 5:10:45 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/10/2011 5:09:04 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    3/10/2011 5:00:33 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2011 5:00:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/10/2011 5:00:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/10/2011 5:00:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/10/2011 5:00:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/10/2011 4:59:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/10/2011 4:59:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SCDEmu spldr Wanarpv6
    3/10/2011 4:59:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8004209b30, 0xfffffa8004209e10, 0xfffff8000338d2d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031011-39717-01.
    3/10/2011 4:56:52 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8004206b30, 0xfffffa8004206e10, 0xfffff800033dc2d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031011-25365-01.
    3/10/2011 4:53:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8002419b30, 0xfffffa8002419e10, 0xfffff8000337b2d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031011-25755-01.
    3/10/2011 4:43:46 PM, Error: Service Control Manager [7034] - The WD SmartWare Background Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  9. 2011/03/15
    broni

    broni Moderator Malware Analyst

    .....
     
  10. 2011/03/15
    impedrolee

    impedrolee Inactive Thread Starter

    Like I said, my problem is I can't fix them. I go straight into a BSOD.
     
  11. 2011/03/15
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2011/03/15
    impedrolee

    impedrolee Inactive Thread Starter

    Here's the problem. I BSOD when ComboFix loads up and I can't go into Safe Mode either, because when I do go into Safe Mode it says Video Mode Not Supported. :x So I'm kinda stuck. I checked multiple times to see if this was the case.
     
  13. 2011/03/15
    broni

    broni Moderator Malware Analyst

    Did you try option #2:

    2. Delete Combofix file, download fresh one......and so on
     
  14. 2011/03/15
    impedrolee

    impedrolee Inactive Thread Starter

    Yeah, same result every time. I get a STOP: 0x000000xf4 BSOD.
     
  15. 2011/03/15
    broni

    broni Moderator Malware Analyst

    Did you run rKill first?
     
  16. 2011/03/15
    impedrolee

    impedrolee Inactive Thread Starter

    Rkill gave me a BSOD as well.
     
  17. 2011/03/15
    broni

    broni Moderator Malware Analyst

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  18. 2011/03/15
    impedrolee

    impedrolee Inactive Thread Starter

    2011/03/15 21:22:13.0157 0892 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/15 21:22:13.0297 0892 ================================================================================
    2011/03/15 21:22:13.0297 0892 SystemInfo:
    2011/03/15 21:22:13.0297 0892
    2011/03/15 21:22:13.0297 0892 OS Version: 6.1.7600 ServicePack: 0.0
    2011/03/15 21:22:13.0297 0892 Product type: Workstation
    2011/03/15 21:22:13.0297 0892 ComputerName: USER1-PC
    2011/03/15 21:22:13.0297 0892 UserName: user1
    2011/03/15 21:22:13.0297 0892 Windows directory: C:\Windows
    2011/03/15 21:22:13.0297 0892 System windows directory: C:\Windows
    2011/03/15 21:22:13.0297 0892 Running under WOW64
    2011/03/15 21:22:13.0297 0892 Processor architecture: Intel x64
    2011/03/15 21:22:13.0297 0892 Number of processors: 2
    2011/03/15 21:22:13.0297 0892 Page size: 0x1000
    2011/03/15 21:22:13.0297 0892 Boot type: Normal boot
    2011/03/15 21:22:13.0297 0892 ================================================================================
    2011/03/15 21:22:13.0527 0892 Initialize success
    2011/03/15 21:22:16.0975 4164 ================================================================================
    2011/03/15 21:22:16.0975 4164 Scan started
    2011/03/15 21:22:16.0975 4164 Mode: Manual;
    2011/03/15 21:22:16.0975 4164 ================================================================================
    2011/03/15 21:22:25.0163 4164 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/03/15 21:22:25.0223 4164 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
    2011/03/15 21:22:25.0283 4164 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
    2011/03/15 21:22:25.0323 4164 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/03/15 21:22:25.0343 4164 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/03/15 21:22:25.0383 4164 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    2011/03/15 21:22:25.0433 4164 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/03/15 21:22:25.0473 4164 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/03/15 21:22:25.0493 4164 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/03/15 21:22:25.0523 4164 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2011/03/15 21:22:25.0553 4164 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    2011/03/15 21:22:25.0573 4164 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/03/15 21:22:25.0603 4164 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/03/15 21:22:25.0643 4164 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/03/15 21:22:25.0683 4164 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/03/15 21:22:25.0733 4164 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    2011/03/15 21:22:25.0773 4164 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/03/15 21:22:25.0803 4164 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/03/15 21:22:25.0833 4164 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/03/15 21:22:25.0853 4164 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/03/15 21:22:25.0873 4164 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    2011/03/15 21:22:25.0913 4164 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/03/15 21:22:25.0943 4164 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    2011/03/15 21:22:25.0993 4164 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/03/15 21:22:26.0043 4164 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/03/15 21:22:26.0213 4164 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/03/15 21:22:26.0273 4164 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    2011/03/15 21:22:26.0303 4164 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/03/15 21:22:26.0353 4164 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\drivers\nvraid.sys
    2011/03/15 21:22:26.0393 4164 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\drivers\nvstor.sys
    2011/03/15 21:22:26.0443 4164 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    2011/03/15 21:22:26.0533 4164 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    2011/03/15 21:22:26.0603 4164 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/03/15 21:22:26.0623 4164 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    2011/03/15 21:22:26.0683 4164 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
    2011/03/15 21:22:26.0703 4164 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    2011/03/15 21:22:26.0733 4164 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/03/15 21:22:26.0763 4164 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/03/15 21:22:26.0803 4164 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/03/15 21:22:26.0915 4164 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
    2011/03/15 21:22:26.0946 4164 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/03/15 21:22:26.0977 4164 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/03/15 21:22:27.0008 4164 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2011/03/15 21:22:27.0071 4164 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/03/15 21:22:27.0102 4164 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/03/15 21:22:27.0133 4164 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/03/15 21:22:27.0149 4164 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/03/15 21:22:27.0211 4164 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/03/15 21:22:27.0242 4164 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/03/15 21:22:27.0273 4164 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/03/15 21:22:27.0305 4164 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/03/15 21:22:27.0336 4164 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/03/15 21:22:27.0351 4164 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/03/15 21:22:27.0367 4164 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/03/15 21:22:27.0398 4164 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
    2011/03/15 21:22:27.0445 4164 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/03/15 21:22:27.0461 4164 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/03/15 21:22:27.0492 4164 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2011/03/15 21:22:27.0523 4164 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2011/03/15 21:22:27.0585 4164 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
    2011/03/15 21:22:27.0648 4164 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
    2011/03/15 21:22:27.0695 4164 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
    2011/03/15 21:22:27.0726 4164 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/03/15 21:22:27.0788 4164 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2011/03/15 21:22:27.0835 4164 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\drivers\vms3cap.sys
    2011/03/15 21:22:27.0913 4164 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
    2011/03/15 21:22:27.0975 4164 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
    2011/03/15 21:22:27.0991 4164 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/03/15 21:22:28.0069 4164 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/03/15 21:22:28.0116 4164 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/03/15 21:22:28.0147 4164 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/03/15 21:22:28.0194 4164 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/03/15 21:22:28.0256 4164 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    2011/03/15 21:22:28.0272 4164 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/03/15 21:22:28.0287 4164 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
    2011/03/15 21:22:28.0319 4164 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/03/15 21:22:28.0350 4164 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/03/15 21:22:28.0381 4164 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/03/15 21:22:28.0412 4164 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/03/15 21:22:28.0459 4164 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/03/15 21:22:28.0584 4164 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
    2011/03/15 21:22:28.0584 4164 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
    2011/03/15 21:22:28.0584 4164 sptd - detected Locked file (1)
    2011/03/15 21:22:31.0925 4164 ================================================================================
    2011/03/15 21:22:31.0925 4164 Scan finished
    2011/03/15 21:22:31.0925 4164 ================================================================================
    2011/03/15 21:22:31.0941 2324 Detected object count: 1
    2011/03/15 21:22:39.0323 2324 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
    2011/03/15 21:22:39.0323 2324 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
    2011/03/15 21:22:39.0323 2324 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
    2011/03/15 21:22:39.0323 2324 Locked file(sptd) - User select action: Quarantine
     
  19. 2011/03/15
    broni

    broni Moderator Malware Analyst

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  20. 2011/03/15
    impedrolee

    impedrolee Inactive Thread Starter

    .\debug.cpp(238) : Debug log started at 16.03.2011 - 01:35:37
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.0
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 64-bit
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x03423000 0x00018000 "\SystemRoot\System32\Drivers\adfs.SYS "
    .\debug.cpp(256) : 0x0343b000 0x00008000 "\??\C:\Windows\system32\drivers\cpuz132_x64.sys "
    .\debug.cpp(256) : 0x03443000 0x00007000 "\??\C:\Windows\system32\drivers\hostnt.sys "
    .\debug.cpp(256) : 0x05201000 0x000a6000 "\SystemRoot\system32\drivers\peauth.sys "
    .\debug.cpp(256) : 0x052a7000 0x0000b000 "\SystemRoot\System32\Drivers\secdrv.SYS "
    .\debug.cpp(256) : 0x052b2000 0x0002d000 "\SystemRoot\System32\DRIVERS\srvnet.sys "
    .\debug.cpp(256) : 0x052df000 0x00012000 "\SystemRoot\System32\drivers\tcpipreg.sys "
    .\debug.cpp(256) : 0x052f1000 0x00067000 "\SystemRoot\System32\DRIVERS\srv2.sys "
    .\debug.cpp(256) : 0x05358000 0x00096000 "\SystemRoot\System32\DRIVERS\srv.sys "
    .\debug.cpp(256) : 0x053ee000 0x0000a000 "\??\C:\Windows\system32\drivers\mbam.sys "
    .\debug.cpp(256) : 0x77b40000 0x001ac000 "\Windows\System32\ntdll.dll "
    .\debug.cpp(256) : 0x47eb0000 0x00020000 "\Windows\System32\smss.exe "
    .\debug.cpp(256) : 0xffe60000 0x00050000 "\Windows\System32\apisetschema.dll "
    .\debug.cpp(256) : 0xff850000 0x000c1000 "\Windows\System32\autochk.exe "
    .\debug.cpp(256) : 0x77a40000 0x000fa000 "\Windows\System32\user32.dll "
    .\debug.cpp(256) : 0x778e0000 0x0015a000 "\Windows\System32\wininet.dll "
    .\debug.cpp(256) : 0xffe00000 0x00050000 "\Windows\System32\Wldap32.dll "
    .\debug.cpp(256) : 0x77d10000 0x00007000 "\Windows\System32\psapi.dll "
    .\debug.cpp(256) : 0xffd20000 0x000db000 "\Windows\System32\advapi32.dll "
    .\debug.cpp(256) : 0xffb40000 0x001d7000 "\Windows\System32\setupapi.dll "
    .\debug.cpp(256) : 0xffb30000 0x0000e000 "\Windows\System32\lpk.dll "
    .\debug.cpp(256) : 0x77d00000 0x00003000 "\Windows\System32\normaliz.dll "
    .\debug.cpp(256) : 0xffb00000 0x0002e000 "\Windows\System32\imm32.dll "
    .\debug.cpp(256) : 0xff8f0000 0x00202000 "\Windows\System32\ole32.dll "
    .\debug.cpp(256) : 0xff8d0000 0x00017000 "\Windows\System32\imagehlp.dll "
    .\debug.cpp(256) : 0xff830000 0x0009f000 "\Windows\System32\msvcrt.dll "
    .\debug.cpp(256) : 0xff700000 0x0012e000 "\Windows\System32\rpcrt4.dll "
    .\debug.cpp(256) : 0xfe970000 0x00d86000 "\Windows\System32\shell32.dll "
    .\debug.cpp(256) : 0xfe8f0000 0x00080000 "\Windows\System32\difxapi.dll "
    .\debug.cpp(256) : 0xfe810000 0x000d7000 "\Windows\System32\oleaut32.dll "
    .\debug.cpp(256) : 0x776d0000 0x0020d000 "\Windows\System32\iertutil.dll "
    .\debug.cpp(256) : 0xfe790000 0x00071000 "\Windows\System32\shlwapi.dll "
    .\debug.cpp(256) : 0x775b0000 0x0011f000 "\Windows\System32\kernel32.dll "
    .\debug.cpp(256) : 0x77460000 0x0014b000 "\Windows\System32\urlmon.dll "
    .\debug.cpp(256) : 0xfe720000 0x00067000 "\Windows\System32\gdi32.dll "
    .\debug.cpp(256) : 0xfe700000 0x0001f000 "\Windows\System32\sechost.dll "
    .\debug.cpp(256) : 0xfe660000 0x00099000 "\Windows\System32\clbcatq.dll "
    .\debug.cpp(256) : 0xfe550000 0x00109000 "\Windows\System32\msctf.dll "
    .\debug.cpp(256) : 0xfe540000 0x00008000 "\Windows\System32\nsi.dll "
    .\debug.cpp(256) : 0xfe4a0000 0x00098000 "\Windows\System32\comdlg32.dll "
    .\debug.cpp(256) : 0xfe450000 0x0004d000 "\Windows\System32\ws2_32.dll "
    .\debug.cpp(256) : 0xfe380000 0x000ca000 "\Windows\System32\usp10.dll "
    .\debug.cpp(256) : 0xfe310000 0x0006b000 "\Windows\System32\KernelBase.dll "
    .\debug.cpp(256) : 0xfe2d0000 0x0003a000 "\Windows\System32\wintrust.dll "
    .\debug.cpp(256) : 0xfe290000 0x00036000 "\Windows\System32\cfgmgr32.dll "
    .\debug.cpp(256) : 0xfe270000 0x0001a000 "\Windows\System32\devobj.dll "
    .\debug.cpp(256) : 0xfe1d0000 0x000a0000 "\Windows\System32\comctl32.dll "
    .\debug.cpp(256) : 0xfe060000 0x00166000 "\Windows\System32\crypt32.dll "
    .\debug.cpp(256) : 0xfe050000 0x0000f000 "\Windows\System32\msasn1.dll "
    .\debug.cpp(256) : 0x77cf0000 0x00003000 "\Windows\SysWOW64\normaliz.dll "
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_UNM&Prod_2389IJK&Rev_3.5Z#5&36e5972&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Scsi\a8ofl93y1Port6Path0Target0Lun0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0 "
    .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D: "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MBAMProtector "
    .\debug.cpp(400) : Destination "\Device\MBAMProtector "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5 "
    .\debug.cpp(400) : Destination "\Device\Video4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000041 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318} "
    .\debug.cpp(400) : Destination "\Device\00000065 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev3 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT "
    .\debug.cpp(400) : Destination "\Device\00000050 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice "
    .\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev4 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1 "
    .\debug.cpp(400) : Destination "\Device\Video0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSONY_DVD_RW_DW-G120A____________________MYR5____#6&2ef86b8&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{338BC56D-7543-44FD-A14E-B623ABF877CA} "
    .\debug.cpp(400) : Destination "\Device\NDMP3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice "
    .\debug.cpp(400) : Destination "\Device\WUDFLpcDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&2f116ed5&0&0201#{86841137-ed8e-4d97-9975-f2ed56b4430e} "
    .\debug.cpp(400) : Destination "\Device\00000076 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPA000#4&5d18f2df&0#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\0000005b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0000#{86e0d1e0-8089-11d0-9ce4-08003e301f73} "
    .\debug.cpp(400) : Destination "\Device\00000049 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000047 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73} "
    .\debug.cpp(400) : Destination "\Device\00000065 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_50041458&REV_02#3&13c0b0c5&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000004 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev5 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E: "
    .\debug.cpp(400) : Destination "\Device\CdRom1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000004d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev6 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched "
    .\debug.cpp(400) : Destination "\Device\Psched "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&2f116ed5&0&0201#{eb115ffc-10c8-4964-831d-6dcb02e6f23f} "
    .\debug.cpp(400) : Destination "\Device\00000076 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{81ebb0c0-3255-11df-a0fc-806e6f6e6963} "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskMaxtor_6Y250M0__________________________YAR51HW0#5&36a55c2a&0&1.1.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP3T1L0-a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6E36EBDD-929F-447D-B66F-D2546599C73C} "
    .\debug.cpp(400) : Destination "\Device\NDMP5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd "
    .\debug.cpp(400) : Destination "\Device\AscKmd "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio "
    .\debug.cpp(400) : Destination "\Device\Ndisuio "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000044 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev10 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd10 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev7 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0 "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#5&30920a94&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f} "
    .\debug.cpp(400) : Destination "\Device\00000073 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_23_-_Pentium(R)_Dual-Core__CPU______E5200__@_2.50GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0} "
    .\debug.cpp(400) : Destination "\Device\00000054 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000003 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev11 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd11 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev8 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd8 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#5&6882b60&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde2Channel0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1 "
    .\debug.cpp(400) : Destination "\Device\CdRom1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E43D242B-9EAB-4626-A952-46649FBB939A} "
    .\debug.cpp(400) : Destination "\Device\NDMP7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f} "
    .\debug.cpp(400) : Destination "\Device\0000007c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_0040#6&11084765&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000007a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev12 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd12 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev9 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd9 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&6971058&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\F: "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN "
    .\debug.cpp(400) : Destination "\Device\AgileVPN "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#5&30920a94&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\00000073 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000043 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev20 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd20 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev13 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd13 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice "
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth "
    .\debug.cpp(400) : Destination "\Device\PEAuth "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice "
    .\debug.cpp(400) : Destination "\Device\IPSECDOSP "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0: "
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev21 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd21 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev14 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd14 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSONY_DVD_RW_DW-G120A____________________MYR5____#6&2ef86b8&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6 "
    .\debug.cpp(400) : Destination "\Device\Video5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&2f116ed5&0&0201#{65e8773d-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\00000076 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&25367554&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1} "
    .\debug.cpp(400) : Destination "\Device\Parallel0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&99f0121&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_8024&SUBSYS_10001458&REV_00#4&30d54f48&0&30F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1 "
    .\debug.cpp(400) : Destination "\Device\Serial0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev22 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd22 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev15 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd15 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC "
    .\debug.cpp(400) : Destination "\Device\Mup "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\G: "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt "
    .\debug.cpp(400) : Destination "\Device\vwififlt "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_23_-_Pentium(R)_Dual-Core__CPU______E5200__@_2.50GHz#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0} "
    .\debug.cpp(400) : Destination "\Device\00000053 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP "
    .\debug.cpp(400) : Destination "\Device\NDMP9 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_01#4&39aeacf1&0&00E5#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0022 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev16 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd16 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2 "
    .\debug.cpp(400) : Destination "\Device\Video1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev17 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd17 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp "
    .\debug.cpp(400) : Destination "\Device\Tcp "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice "
    .\debug.cpp(400) : Destination "\Device\SPDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&26397ab7&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000004e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1: "
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev18 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd18 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&1267f27a&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000067 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&bd04752&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000040 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000046 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MODEM#0000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4} "
    .\debug.cpp(400) : Destination "\Device\0000003e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2938&SUBSYS_50041458&REV_02#3&13c0b0c5&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN "
    .\debug.cpp(400) : Destination "\DosDevices\LPT1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev19 "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd19 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp "
    .\debug.cpp(400) : Destination "\Device\WANARP "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\H: "
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e} "
    .\debug.cpp(400) : Destination "\Device\0000004e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&2f116ed5&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\00000076 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_08E2&PID_0006#5&37cb472e&0&1#{a200af62-2529-4263-936d-24337967c586} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-8 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_045E&PID_0040#5&22954613&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-9 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2: "
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager "
    .\debug.cpp(400) : Destination "\Device\MountPointManager "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E301A52-AFFA-4F49-B9CA-C79096A1A056} "
    .\debug.cpp(400) : Destination "\Device\NDMP11 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_UNM&Prod_2389IJK&Rev_3.5Z#5&36e5972&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Scsi\a8ofl93y1Port6Path0Target0Lun0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#SAM4A75#5&64b0bba&0&UID256#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8} "
    .\debug.cpp(400) : Destination "\Device\0000007b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#5&30920a94&0&0001#{dba43692-ad00-48aa-b1a7-ffa99a04ee17} "
    .\debug.cpp(400) : Destination "\Device\00000073 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000041 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000045 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice "
    .\debug.cpp(400) : Destination "\Device\WMIAdminDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_0040#6&11084765&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030} "
    .\debug.cpp(400) : Destination "\Device\0000007a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global "
    .\debug.cpp(400) : Destination "\GLOBAL?? "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_944C&SUBSYS_20031787&REV_00#4&309465bd&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000043 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000042 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000004 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Standard Modem "
    .\debug.cpp(400) : Destination "\Device\0000003e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_944C&SUBSYS_20031787&REV_00#4&309465bd&0&0008#{1ca05180-a699-450a-9a0c-de4fbe3ddd89} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG: "
    .\debug.cpp(400) : Destination "\clfs "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&2f116ed5&0&0201#{65e8773e-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\00000076 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#5&30920a94&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\00000073 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293A&SUBSYS_50061458&REV_02#3&13c0b0c5&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3: "
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3 "
    .\debug.cpp(400) : Destination "\Device\Video2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg "
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000055 "
  21. 2011/03/15
    impedrolee

    impedrolee Inactive Thread Starter

    Joined:
    2011/03/14
    Messages:
    19
    Likes Received:
    0
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
    .\boot_cleaner.cpp(1060) :
    .\boot_cleaner.cpp(1061) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1062) : --------------------------------------------
    .\boot_cleaner.cpp(1106) : 233 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1112) :
    .\boot_cleaner.cpp(1151) : Done;
     