Solved Hijack.TaskManager, TDSSConf-A, Security 2012

Discussion in 'Malware and Virus Removal Archive' started by wisserd, 2011/12/20.

  1. 2011/12/22
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    Let it run all night and day, no change. Shut it down and Webroot came up with (mal/TDSSConf-A is attempting to access the file system). I clicked block it and am now running a full system scan.
     
  2. 2011/12/22
    broni

    broni Moderator Malware Analyst

    When done, post new Bootkit Remover log.
     

  4. 2011/12/22
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    .\debug.cpp(238) : Debug log started at 23.12.2011 - 03:16:51
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\I: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&10c7922&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000006f "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\02094628-0000-0000-7A20-000000000000 "
    .\debug.cpp(400) : Destination "\Device\02094628-0000-0000-7A20-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73} "
    .\debug.cpp(400) : Destination "\Device\0000006e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0 "
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ec5-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_810D1043&REV_60#3&61aaa01&0&8D#{65e8773e-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv "
    .\debug.cpp(400) : Destination "\Device\Secdrv "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c016#6&579885d&0&0000#{f117b9b2-6e65-11d2-a148-00001c2053de} "
    .\debug.cpp(400) : Destination "\Device\00000081 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e6896-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\CdRom1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&37f4da28&1&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1} "
    .\debug.cpp(400) : Destination "\Device\Parallel0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPA000#4&5d18f2df&0#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\00000057 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c016#5&3984d498&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LHidusb "
    .\debug.cpp(400) : Destination "\Device\LHidusb "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&7d8eea2&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\J: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\$systemsecurity "
    .\debug.cpp(400) : Destination "\Device\$systemsecurity "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318} "
    .\debug.cpp(400) : Destination "\Device\0000006e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DBAE4B70-8EB2-446C-BE5E-0F49F7700E88} "
    .\debug.cpp(400) : Destination "\Device\{DBAE4B70-8EB2-446C-BE5E-0F49F7700E88} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f792fe0c-99c5-11de-b522-00112f09f58a} "
    .\debug.cpp(400) : Destination "\Device\CdRom2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ec2-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BsUDF.VXD "
    .\debug.cpp(400) : Destination "\BsUDF "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_80ED1043&REV_81#3&61aaa01&0&81#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\0A5FE828-0000-0000-9610-000000000000 "
    .\debug.cpp(400) : Destination "\Device\0A5FE828-0000-0000-9610-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager "
    .\debug.cpp(400) : Destination "\Device\MountPointManager "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000041 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1a929f47&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\0FB7C238-0000-0000-0510-000000000000 "
    .\debug.cpp(400) : Destination "\Device\0FB7C238-0000-0000-0510-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\81E4F828-0000-0000-0510-000000000000 "
    .\debug.cpp(400) : Destination "\Device\81E4F828-0000-0000-0510-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32 "
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig "
    .\debug.cpp(400) : Destination "\Device\DmControl\DmConfig "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\K: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp "
    .\debug.cpp(400) : Destination "\Device\WANARP "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\00000004 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomLITEON_CD-ROM_LTN526D___________________9S03____#5&1e37d5f0&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T1L0-20 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\0B59A528-0000-0000-A4C0-000000000000 "
    .\debug.cpp(400) : Destination "\Device\0B59A528-0000-0000-A4C0-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\82A2C428-0000-0000-8902-000000000000 "
    .\debug.cpp(400) : Destination "\Device\82A2C428-0000-0000-8902-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace "
    .\debug.cpp(400) : Destination "\Device\DmControl\DmTrace "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\A: "
    .\debug.cpp(400) : Destination "\Device\Floppy0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A171AA41-81EA-4B7A-B1E9-EE2DA907DEFC} "
    .\debug.cpp(400) : Destination "\Device\{A171AA41-81EA-4B7A-B1E9-EE2DA907DEFC} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskMaxtor_4D040H2__________________________DAH017K0#3244513531424535202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T1L0-c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP "
    .\debug.cpp(400) : Destination "\Device\NdisWanIp "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\00000003 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_WJGTAPK&Prod_KHIFSLI7CH2&Rev_1.03#5&36e5972&0&000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Scsi\ao7ej1gm1Port3Path0Target0Lun0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD800JB-00ETA0______________________77.07W77#4457572d41434c48393534333835_033_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMOUSE "
    .\debug.cpp(400) : Destination "\Device\lmouse "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0: "
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_80ED1043&REV_81#3&61aaa01&0&82#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&ae0c203&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureF0E2F0E2Offset7B0E7DE00Length5206FEC00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\L: "
    .\debug.cpp(400) : Destination "\Device\CdRom2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_810D1043&REV_60#3&61aaa01&0&8D#{dda54a40-1e4c-11d1-a050-405705c10000} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{2b3b7c73-03ab-11d9-acbc-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\0204D728-0000-0000-AB20-000000000000 "
    .\debug.cpp(400) : Destination "\Device\0204D728-0000-0000-AB20-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000044 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0000#{86e0d1e0-8089-11d0-9ce4-08003e301f73} "
    .\debug.cpp(400) : Destination "\Device\00000048 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1 "
    .\debug.cpp(400) : Destination "\Device\ParTechInc0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ec0-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\CdRom1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{2b3b7c71-03ab-11d9-acbc-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1 "
    .\debug.cpp(400) : Destination "\Device\Parallel0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI "
    .\debug.cpp(400) : Destination "\Device\NdisTapi "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan "
    .\debug.cpp(400) : Destination "\Device\NdisWan "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd "
    .\debug.cpp(400) : Destination "\Device\AscKmd "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PWIPF6 "
    .\debug.cpp(400) : Destination "\Device\pwipf6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1: "
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST "
    .\debug.cpp(400) : Destination "\Device\IPMULTICAST "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7EEE3CA0-950F-4767-942E-B9646276C0A9} "
    .\debug.cpp(400) : Destination "\Device\{7EEE3CA0-950F-4767-942E-B9646276C0A9} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2 "
    .\debug.cpp(400) : Destination "\Device\ParTechInc1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader "
    .\debug.cpp(400) : Destination "\Device\DmLoader "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow "
    .\debug.cpp(400) : Destination "\Device\LanmanRedirector "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{2b3b7c72-03ab-11d9-acbc-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ec3-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e689a-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3 "
    .\debug.cpp(400) : Destination "\Device\ParTechInc2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SmwdmDev "
    .\debug.cpp(400) : Destination "\Device\Smwdm0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureF0E2F0E2Offset7E00Length34BBE7400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature380BB116Offset7E00Length2EE1A7600#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SABDIFSV "
    .\debug.cpp(400) : Destination "\Device\SASDIFSV "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3104&SUBSYS_80ED1043&REV_86#3&61aaa01&0&84#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr "
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl "
    .\debug.cpp(400) : Destination "\Device\FtControl "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT "
    .\debug.cpp(400) : Destination "\Device\MailSlot "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX "
    .\debug.cpp(400) : Destination "\DosDevices\COM1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3A57D337-89D6-47E5-9126-01295D20B9C6} "
    .\debug.cpp(400) : Destination "\Device\{3A57D337-89D6-47E5-9126-01295D20B9C6} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3065&SUBSYS_80ED1043&REV_78#3&61aaa01&0&90#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT "
    .\debug.cpp(400) : Destination " "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL "
    .\debug.cpp(400) : Destination "\Device\Null "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\094C6428-0000-0000-2612-000000000000 "
    .\debug.cpp(400) : Destination "\Device\094C6428-0000-0000-2612-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2: "
    .\debug.cpp(400) : Destination "\Device\Scsi\viasraid1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000004a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e6898-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1d9a72a8&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo "
    .\debug.cpp(400) : Destination "\Device\DmControl\DmInfo "
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 74 GB \\.\PhysicalDrive0 Controlled by rootkit!
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1136) : Boot code on some of your physical disks is hidden by a rootkit.
    .\boot_cleaner.cpp(1138) : To disinfect the master boot sector, use the following command:
    .\boot_cleaner.cpp(1139) : remover.exe fix <device_name>
    .\boot_cleaner.cpp(1143) : To inspect the boot code manually, dump the master boot sector:
    .\boot_cleaner.cpp(1144) : remover.exe dump <device_name> [output_file]
    .\boot_cleaner.cpp(1147) :
    .\boot_cleaner.cpp(1152) : Done;
     
  5. 2011/12/22
    broni

    broni Moderator Malware Analyst

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
    If you are running Windows XP, re-enable System Restore.
     
  6. 2011/12/22
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    It says ***Infected MBR detected and wants to know if I want to repair it or close the box
     
  7. 2011/12/22
    broni

    broni Moderator Malware Analyst

    Repair.
    After restart post new Bootkit Remover log.
     
  8. 2011/12/22
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...

    .\debug.cpp(238) : Debug log started at 23.12.2011 - 05:02:47
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0xf7df6000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys "
    .\debug.cpp(256) : 0xf8ade000 0x00005000 "\SystemRoot\System32\watchdog.sys "
    .\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys "
    .\debug.cpp(256) : 0xf8e47000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys "
    .\debug.cpp(256) : 0xbf012000 0x00452000 "\SystemRoot\System32\nv4_disp.dll "
    .\debug.cpp(256) : 0xb9d32000 0x0006e000 "\SystemRoot\System32\Drivers\BsUDF.SYS "
    .\debug.cpp(256) : 0xb9d21000 0x00011000 "\SystemRoot\System32\Drivers\Udfs.SYS "
    .\debug.cpp(256) : 0xf8c62000 0x00002000 "\SystemRoot\SYSTEM32\Drivers\wg3n.sys "
    .\debug.cpp(256) : 0xb98e5000 0x0002c000 "\SystemRoot\System32\DRIVERS\mrxdav.sys "
    .\debug.cpp(256) : 0xf8c78000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS "
    .\debug.cpp(256) : 0xb97e3000 0x00012000 "\??\C:\WINDOWS\system32\drivers\PfModNT.sys "
    .\debug.cpp(256) : 0xb99a9000 0x0000a000 "\SystemRoot\System32\DRIVERS\secdrv.sys "
    .\debug.cpp(256) : 0xb940e000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys "
    .\debug.cpp(256) : 0xb947b000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys "
    .\debug.cpp(256) : 0xb911f000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys "
    .\debug.cpp(256) : 0xb8eec000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys "
    .\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\System32\ntdll.dll "
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureF0E2F0E2OffsetCD1584800Length5CFF3B800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS "
    .\debug.cpp(400) : Destination "\Device\Ndis "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3: "
    .\debug.cpp(400) : Destination "\Device\Scsi\asly7uzi1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1 "
    .\debug.cpp(400) : Destination "\Device\Video0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\82746338-0000-0000-0510-000000000000 "
    .\debug.cpp(400) : Destination "\Device\82746338-0000-0000-0510-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomCD-R#RW_CW099D_CD-R#RW__________________13SM____#5&1e37d5f0&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-18 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#4&10c7922&0#{97f76ef0-f883-11d0-af1f-0000f800845c} "
    .\debug.cpp(400) : Destination "\Device\0000006d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_80ED1043&REV_81#3&61aaa01&0&83#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2 "
    .\debug.cpp(400) : Destination "\Device\Video1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000043 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon "
    .\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000052 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip "
    .\debug.cpp(400) : Destination "\Device\Ip "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature380BB116Offset6AD8E3C00Length2DCF1B000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_810D1043&REV_60#3&61aaa01&0&8D#{65e8773d-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BsUDF.SYS "
    .\debug.cpp(400) : Destination "\BsUDF "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3 "
    .\debug.cpp(400) : Destination "\Device\Video2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\0FBF4338-0000-0000-8310-000000000000 "
    .\debug.cpp(400) : Destination "\Device\0FBF4338-0000-0000-8310-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature380BB116Offset2EE1B7200Length3BF724C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev "
    .\debug.cpp(400) : Destination "\Device\IPSEC "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\02033E28-0000-0000-E4C0-000000000000 "
    .\debug.cpp(400) : Destination "\Device\02033E28-0000-0000-E4C0-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4 "
    .\debug.cpp(400) : Destination "\Device\Video3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_80ED1043&REV_81#3&61aaa01&0&80#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000042 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY "
    .\debug.cpp(400) : Destination "\Device\NDProxy "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\02083E28-0000-0000-7E20-000000000000 "
    .\debug.cpp(400) : Destination "\Device\02083E28-0000-0000-7E20-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5 "
    .\debug.cpp(400) : Destination "\Device\Video4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0 "
    .\debug.cpp(400) : Destination "\Device\Tun0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP "
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#IMAGE#0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f} "
    .\debug.cpp(400) : Destination "\Device\00000005 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1 "
    .\debug.cpp(400) : Destination "\Device\ParallelVdm0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr "
    .\debug.cpp(400) : Destination "\Device\RdpDrDvMgr "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BsStor "
    .\debug.cpp(400) : Destination "\Device\BsStor "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\84398F28-0000-0000-67F1-000000000000 "
    .\debug.cpp(400) : Destination "\Device\84398F28-0000-0000-67F1-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E82A3CD6-0914-4D3A-8AE2-9020E766B448} "
    .\debug.cpp(400) : Destination "\Device\{E82A3CD6-0914-4D3A-8AE2-9020E766B448} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\F: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice "
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e6899-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1 "
    .\debug.cpp(400) : Destination "\Device\Serial0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_6_Model_8#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0} "
    .\debug.cpp(400) : Destination "\Device\00000051 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_WJGTAPK&Prod_KHIFSLI7CH2&Rev_1.03#5&36e5972&0&000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Scsi\asly7uzi1Port3Path0Target0Lun0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomCD-R#RW_CW099D_CD-R#RW__________________13SM____#5&1e37d5f0&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-18 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LHidfltr "
    .\debug.cpp(400) : Destination "\Device\LHidfltr "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e6895-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\8640DE28-0000-0000-FB20-000000000000 "
    .\debug.cpp(400) : Destination "\Device\8640DE28-0000-0000-FB20-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6F5BEAB8-071A-48CF-BA30-082E8B3EE5CD} "
    .\debug.cpp(400) : Destination "\Device\{6F5BEAB8-071A-48CF-BA30-082E8B3EE5CD} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE "
    .\debug.cpp(400) : Destination "\Device\NamedPipe "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3 "
    .\debug.cpp(400) : Destination "\Device\00000048 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80#3&61aaa01&0&78#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\G: "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c016#6&579885d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030} "
    .\debug.cpp(400) : Destination "\Device\00000081 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched "
    .\debug.cpp(400) : Destination "\Device\PSched "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC "
    .\debug.cpp(400) : Destination "\Device\Mup "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PfModNT "
    .\debug.cpp(400) : Destination "\Device\PfModNT "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomCD-R#RW_CW099D_CD-R#RW__________________13SM____#5&1e37d5f0&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-18 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT "
    .\debug.cpp(400) : Destination "\Device\IPNAT "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPB02F#4&10c7922&0#{cae56030-684a-11d0-d6f6-00a0c90f57da} "
    .\debug.cpp(400) : Destination "\Device\00000070 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{828FE58E-1572-443F-8DF6-08889EC18CC3} "
    .\debug.cpp(400) : Destination "\Device\{828FE58E-1572-443F-8DF6-08889EC18CC3} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice "
    .\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomLITEON_CD-ROM_LTN526D___________________9S03____#5&1e37d5f0&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T1L0-20 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TCP "
    .\debug.cpp(400) : Destination "\Device\Tcp "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{23F08B98-68EE-4E99-A8F9-159CC76219F6} "
    .\debug.cpp(400) : Destination "\Device\{23F08B98-68EE-4E99-A8F9-159CC76219F6} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg "
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_810D1043&REV_60#3&61aaa01&0&8D#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ec4-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BsUDF "
    .\debug.cpp(400) : Destination "\BsUDF "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD "
    .\debug.cpp(400) : Destination "\Device\VideoPdo0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e6897-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&13f2badf&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000047 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1af31ff6-00db-11e0-b74f-00112f09f58a} "
    .\debug.cpp(400) : Destination "\Device\Floppy0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0 "
    .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SSIDRV "
    .\debug.cpp(400) : Destination "\Device\SSIDRV "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\8778DE28-0000-0000-A6B0-000000000000 "
    .\debug.cpp(400) : Destination "\Device\8778DE28-0000-0000-A6B0-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN "
    .\debug.cpp(400) : Destination "\DosDevices\LPT1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000046 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\H: "
    .\debug.cpp(400) : Destination "\Device\CdRom1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1 "
    .\debug.cpp(400) : Destination "\Device\Harddisk1\DR1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio "
    .\debug.cpp(400) : Destination "\Device\sysaudio "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap "
    .\debug.cpp(400) : Destination "\Device\FsWrap "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000045 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0 "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\87371338-0000-0000-8310-000000000000 "
    .\debug.cpp(400) : Destination "\Device\87371338-0000-0000-8310-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\8A81E138-0000-0000-6502-000000000000 "
    .\debug.cpp(400) : Destination "\Device\8A81E138-0000-0000-6502-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c016#6&579885d&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000081 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DsdaFilterStub "
    .\debug.cpp(400) : Destination "\Device\DsdaFilterStub "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1 "
    .\debug.cpp(400) : Destination "\Device\CdRom1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&29ae02ea&1&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\FloppyPDO0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global "
    .\debug.cpp(400) : Destination "\GLOBAL?? "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\81EDBF28-0000-0000-B7B0-000000000000 "
    .\debug.cpp(400) : Destination "\Device\81EDBF28-0000-0000-B7B0-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c016#6&579885d&0&0000#{43d6457f-4611-4825-add7-0369b77cc43c} "
    .\debug.cpp(400) : Destination "\Device\00000081 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom2 "
    .\debug.cpp(400) : Destination "\Device\CdRom2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0171&SUBSYS_00000000&REV_A3#4&1feb96e4&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000055 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\I: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ebf-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureF0E2F0E2Offset34BBF7000Length46527F000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\02084D28-0000-0000-B322-000000000000 "
    .\debug.cpp(400) : Destination "\Device\02084D28-0000-0000-B322-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&10c7922&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000006f "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\87AE0E28-0000-0000-25C0-000000000000 "
    .\debug.cpp(400) : Destination "\Device\87AE0E28-0000-0000-25C0-000000000000 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73} "
    .\debug.cpp(400) : Destination "\Device\0000006e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0 "
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ec5-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_810D1043&REV_60#3&61aaa01&0&8D#{65e8773e-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv "
    .\debug.cpp(400) : Destination "\Device\Secdrv "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c016#6&579885d&0&0000#{f117b9b2-6e65-11d2-a148-00001c2053de} "
    .\debug.cpp(400) : Destination "\Device\00000081 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c60e6896-01b1-11d9-a349-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\CdRom1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&37f4da28&1&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1} "
    .\debug.cpp(400) : Destination "\Device\Parallel0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPA000#4&5d18f2df&0#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\00000057 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c016#5&3984d498&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LHidusb "
    .\debug.cpp(400) : Destination "\Device\LHidusb "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&7d8eea2&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f} "
    .\debug.cpp(400) : Destination "\Device\0000004c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\J: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\$systemsecurity "
    .\debug.cpp(400) : Destination "\Device\$systemsecurity "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318} "
    .\debug.cpp(400) : Destination "\Device\0000006e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DBAE4B70-8EB2-446C-BE5E-0F49F7700E88} "
    .\debug.cpp(400) : Destination "\Device\{DBAE4B70-8EB2-446C-BE5E-0F49F7700E88} "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f792fe0c-99c5-11de-b522-00112f09f58a} "
    .\debug.cpp(400) : Destination "\Device\CdRom2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{877a1ec2-00f0-11d9-be0c-806d6172696f} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BsUDF.VXD "
    .\debug.cpp(400) : Destination "\BsUDF "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_80ED1043&REV_81#3&61aaa01&0&81#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager "
    .\debug.cpp(400) : Destination "\Device\MountPointManager "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1152) : Done;
     
  9. 2011/12/22
    broni Moderator Malware Analyst
    Very good.

    Post the following fresh logs:
    TDSSKiller
    aswMBR
    Combofix
     
  10. 2011/12/22
    wisserd Well-Known Member Thread Starter
    TDSSKiller
    locked file
    service: sptd
    suspicious object, medium risk
    my options: skip, copy to quarantine, or delete
     
  11. 2011/12/22
    broni Moderator Malware Analyst
    Skip.
     
  12. 2011/12/22
    wisserd Well-Known Member Thread Starter
    TDSSKiller scan results

    suspicious sptd (LockedFile.Muli.generic)
    Skipped by user sptd (LockedFile.Muli.generic)
     
  13. 2011/12/22
    broni Moderator Malware Analyst
    Go on...

    Make sure you post actual logs.
     
  14. 2011/12/22
    wisserd Well-Known Member Thread Starter
    23:50:03.0046 2736 TDSS rootkit removing tool 2.6.24.0 Dec 22 2011 18:21:27
    23:50:03.0562 2736 ============================================================
    23:50:03.0562 2736 Current date / time: 2011/12/22 23:50:03.0562
    23:50:03.0562 2736 SystemInfo:
    23:50:03.0562 2736
    23:50:03.0562 2736 OS Version: 5.1.2600 ServicePack: 2.0
    23:50:03.0562 2736 Product type: Workstation
    23:50:03.0562 2736 ComputerName: ZAR
    23:50:03.0562 2736 UserName: Wizard
    23:50:03.0562 2736 Windows directory: C:\WINDOWS
    23:50:03.0562 2736 System windows directory: C:\WINDOWS
    23:50:03.0562 2736 Processor architecture: Intel x86
    23:50:03.0562 2736 Number of processors: 1
    23:50:03.0562 2736 Page size: 0x1000
    23:50:03.0562 2736 Boot type: Normal boot
    23:50:03.0562 2736 ============================================================
    23:50:05.0750 2736 Initialize success
    23:50:08.0578 3008 ============================================================
    23:50:08.0578 3008 Scan started
    23:50:08.0578 3008 Mode: Manual;
    23:50:08.0578 3008 ============================================================
    23:50:45.0812 3008 SmartDefragDriver - ok
    23:50:45.0906 3008 smwdm (1d381a07361e4d6a8be95026b3eba47a) C:\WINDOWS\system32\drivers\smwdm.sys
    23:50:45.0921 3008 smwdm - ok
    23:50:46.0015 3008 SNDP202 (9b3363f5b12b9b811c495a21ec6d15bb) C:\WINDOWS\system32\DRIVERS\sndp202.sys
    23:50:46.0015 3008 SNDP202 - ok
    23:50:46.0171 3008 Sparrow - ok
    23:50:46.0234 3008 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
    23:50:46.0234 3008 splitter - ok
    23:50:46.0375 3008 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
    23:50:46.0375 3008 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
    23:50:46.0375 3008 sptd ( LockedFile.Multi.Generic ) - warning
    23:50:46.0375 3008 sptd - detected LockedFile.Multi.Generic (1)
    23:50:46.0437 3008 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    23:50:46.0437 3008 sr - ok
    23:50:46.0515 3008 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
    23:50:46.0531 3008 Srv - ok
    23:50:46.0656 3008 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys
    23:50:46.0656 3008 ssfs0bbc - ok
    23:50:46.0703 3008 sshrmd (e041026dafa17af2610afc4da8f4ea14) C:\WINDOWS\system32\DRIVERS\sshrmd.sys
    23:50:46.0703 3008 sshrmd - ok
    23:50:46.0781 3008 ssidrv (5a40b485825cc31b3a49bb4701b30d35) C:\WINDOWS\system32\DRIVERS\ssidrv.sys
    23:50:46.0796 3008 ssidrv - ok
    23:50:46.0953 3008 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    23:50:46.0953 3008 streamip - ok
    23:50:47.0000 3008 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    23:50:47.0000 3008 swenum - ok
    23:50:47.0093 3008 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    23:50:47.0093 3008 swmidi - ok
    23:50:47.0234 3008 symc810 - ok
    23:50:47.0375 3008 symc8xx - ok
    23:50:47.0500 3008 sym_hi - ok
    23:50:47.0625 3008 sym_u3 - ok
    23:50:47.0750 3008 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    23:50:47.0750 3008 sysaudio - ok
    23:50:47.0890 3008 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    23:50:47.0906 3008 Tcpip - ok
    23:50:47.0968 3008 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    23:50:47.0968 3008 TDPIPE - ok
    23:50:48.0031 3008 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    23:50:48.0031 3008 TDTCP - ok
    23:50:48.0078 3008 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    23:50:48.0093 3008 TermDD - ok
    23:50:48.0250 3008 TosIde - ok
    23:50:48.0343 3008 tunmp (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys
    23:50:48.0343 3008 tunmp - ok
    23:50:48.0437 3008 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
    23:50:48.0437 3008 TVICHW32 - ok
    23:50:48.0515 3008 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
    23:50:48.0515 3008 uagp35 - ok
    23:50:48.0593 3008 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    23:50:48.0593 3008 Udfs - ok
    23:50:48.0718 3008 ultra - ok
    23:50:48.0843 3008 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    23:50:48.0859 3008 Update - ok
    23:50:49.0015 3008 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    23:50:49.0015 3008 usbccgp - ok
    23:50:49.0109 3008 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    23:50:49.0109 3008 usbehci - ok
    23:50:49.0234 3008 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    23:50:49.0250 3008 usbhub - ok
    23:50:49.0390 3008 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    23:50:49.0390 3008 usbprint - ok
    23:50:49.0531 3008 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    23:50:49.0531 3008 usbscan - ok
    23:50:49.0625 3008 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    23:50:49.0625 3008 USBSTOR - ok
    23:50:49.0734 3008 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    23:50:49.0734 3008 usbuhci - ok
    23:50:49.0796 3008 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    23:50:49.0796 3008 VgaSave - ok
    23:50:49.0875 3008 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
    23:50:49.0875 3008 viaagp1 - ok
    23:50:49.0937 3008 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
    23:50:49.0953 3008 ViaIde - ok
    23:50:50.0000 3008 viasraid (ebe101c01d80a42868f57b327be1b564) C:\WINDOWS\system32\DRIVERS\viasraid.sys
    23:50:50.0000 3008 viasraid - ok
    23:50:50.0093 3008 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    23:50:50.0093 3008 VolSnap - ok
    23:50:50.0296 3008 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    23:50:50.0312 3008 Wanarp - ok
    23:50:50.0437 3008 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    23:50:50.0468 3008 Wdf01000 - ok
    23:50:50.0578 3008 WDICA - ok
    23:50:50.0640 3008 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
    23:50:50.0640 3008 wdmaud - ok
    23:50:50.0828 3008 wg3n (ec2751e2e9d7d12a0b0b89fc9561b2e8) C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
    23:50:50.0828 3008 wg3n - ok
    23:50:51.0062 3008 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    23:50:51.0062 3008 WS2IFSL - ok
    23:50:51.0203 3008 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    23:50:51.0203 3008 WSTCODEC - ok
    23:50:51.0343 3008 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    23:50:51.0359 3008 WudfPf - ok
    23:50:51.0453 3008 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    23:50:51.0546 3008 \Device\Harddisk0\DR0 - ok
    23:50:51.0578 3008 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    23:50:53.0203 3008 \Device\Harddisk1\DR1 - ok
    23:50:53.0234 3008 Boot (0x1200) (153faa860ba3e85bea35b2ac7e75e3ec) \Device\Harddisk0\DR0\Partition0
    23:50:53.0234 3008 \Device\Harddisk0\DR0\Partition0 - ok
    23:50:53.0265 3008 Boot (0x1200) (1c7722f2a8be2dfc381622d3ff2b5d9f) \Device\Harddisk0\DR0\Partition1
    23:50:53.0265 3008 \Device\Harddisk0\DR0\Partition1 - ok
    23:50:53.0312 3008 Boot (0x1200) (799cb27c6ab77dcae5d119bc7877d06e) \Device\Harddisk0\DR0\Partition2
    23:50:53.0312 3008 \Device\Harddisk0\DR0\Partition2 - ok
    23:50:53.0359 3008 Boot (0x1200) (545171d6f728c3058940a7b6940b81b0) \Device\Harddisk0\DR0\Partition3
    23:50:53.0359 3008 \Device\Harddisk0\DR0\Partition3 - ok
    23:50:53.0375 3008 Boot (0x1200) (4f119000594dabdde8fe2ddce77a814a) \Device\Harddisk1\DR1\Partition0
    23:50:53.0375 3008 \Device\Harddisk1\DR1\Partition0 - ok
    23:50:53.0406 3008 Boot (0x1200) (b6ed127424c7f3d905fb409979b1af81) \Device\Harddisk1\DR1\Partition1
    23:50:53.0406 3008 \Device\Harddisk1\DR1\Partition1 - ok
    23:50:53.0468 3008 Boot (0x1200) (88a160c038d9be33b473778ae95c5ba9) \Device\Harddisk1\DR1\Partition2
    23:50:53.0468 3008 \Device\Harddisk1\DR1\Partition2 - ok
    23:50:53.0468 3008 ============================================================
    23:50:53.0468 3008 Scan finished
    23:50:53.0468 3008 ============================================================
    23:50:53.0515 2864 Detected object count: 1
    23:50:53.0515 2864 Actual detected object count: 1
    23:50:58.0968 2864 sptd ( LockedFile.Multi.Generic ) - skipped by user
    23:50:58.0968 2864 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
     
  15. 2011/12/22
    wisserd Lifetime Subscription

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-22 23:25:21
    -----------------------------
    23:25:21.812 OS Version: Windows 5.1.2600 Service Pack 2
    23:25:21.812 Number of processors: 1 586 0x801
    23:25:21.812 ComputerName: ZAR UserName:
    23:25:22.296 Initialize success
    23:31:17.531 AVAST engine defs: 11122201
    23:32:18.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    23:32:18.156 Disk 0 Vendor: WDC_WD800JB-00ETA0 77.07W77 Size: 76319MB BusType: 3
    23:32:18.171 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    23:32:18.187 Disk 1 Vendor: Maxtor_4D040H2 DAH017K0 Size: 39083MB BusType: 3
    23:32:18.218 Device \Driver\atapi -> MajorFunction 833de1f8
    23:32:20.250 Disk 0 MBR read successfully
    23:32:20.265 Disk 0 MBR scan
    23:32:21.031 Disk 0 Windows XP default MBR code
    23:32:21.062 Disk 0 scanning sectors +156280320
    23:32:21.187 Disk 0 scanning C:\WINDOWS\system32\drivers
    23:33:44.359 Service scanning
    23:33:46.140 Service SASENUM C:\WINDOWS\D:\PROGRA~1\SCANNE~1\SUUPER~1\SASENUM.SYS **LOCKED** 123
    23:33:46.140 Service SASKUTIL C:\WINDOWS\D:\PROGRA~1\SCANNE~1\SUUPER~1\SASKUTIL.SYS **LOCKED** 123
    23:33:46.187 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    23:33:46.890 Modules scanning
    23:33:50.203 Disk 0 trace - called modules:
    23:33:50.234 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x829949d0]<<
    23:33:50.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8335fab8]
    23:33:51.187 AVAST engine scan C:\WINDOWS
    23:34:36.703 AVAST engine scan C:\WINDOWS\system32
    23:41:13.796 AVAST engine scan C:\WINDOWS\system32\drivers
    23:42:04.031 AVAST engine scan C:\Documents and Settings\Wizard
    23:46:09.484 AVAST engine scan C:\Documents and Settings\All Users
    23:46:33.234 Scan finished successfully
    23:46:46.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Wizard\Desktop\MBR.dat "
    23:46:46.125 The log file has been saved successfully to "C:\Documents and Settings\Wizard\Desktop\aswMBR.txt "
    23:47:57.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Wizard\Desktop\MBR.dat "
    23:47:57.250 The log file has been saved successfully to "C:\Documents and Settings\Wizard\Desktop\aswMBR.txt "
     
  16. 2011/12/22
    broni

    All good so far.

    My bedtime is coming, so after posting the ComboFix log, update me on your computer's behavior and then proceed with the OTL scan.
     
  17. 2011/12/23
    wisserd Lifetime Subscription

    ComboFix 11-12-22.04 - Wizard 12/23/2011 0:02.7.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.357 [GMT -6:00]
    Running from: c:\documents and settings\Wizard\Desktop\ComboFix.exe
    AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
    FW: Webroot AntiVirus with Spy Sweeper *Disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\oobe\isperror
    c:\windows\system32\oobe\isperror\ispcnerr.htm
    c:\windows\system32\oobe\isperror\ispdtone.htm
    c:\windows\system32\oobe\isperror\isphdshk.htm
    c:\windows\system32\oobe\isperror\ispins.htm
    c:\windows\system32\oobe\isperror\ispnoanw.htm
    c:\windows\system32\oobe\isperror\isppberr.htm
    c:\windows\system32\oobe\isperror\ispphbsy.htm
    c:\windows\system32\oobe\isperror\ispsbusy.htm
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-19 04:59 . 2011-12-19 04:59 -------- d-----w- C:\FOUND.001
    2011-12-18 19:20 . 2011-12-18 19:20 -------- d-----w- C:\FOUND.000
    2011-12-18 04:48 . 2011-12-18 04:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webroot
    2011-12-17 22:47 . 2011-12-17 22:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-12-06 00:40 . 2011-12-06 00:40 -------- d-----w- c:\documents and settings\Wizard\Application Data\FreeFileViewer
    2011-12-06 00:10 . 2011-12-06 00:10 -------- d-----w- c:\program files\File Type Assistant
    2011-12-06 00:08 . 2011-12-06 00:08 -------- d-----w- c:\program files\FreeFileViewer
    2011-12-04 03:54 . 2010-07-26 04:23 544768 ----a-w- c:\windows\system32\wbocx.ocx
    2011-12-04 03:54 . 2010-07-26 04:23 56496 ----a-w- c:\windows\system32\wbhelp2.dll
    2011-12-04 03:54 . 2010-07-26 04:23 1706800 ----a-w- c:\windows\system32\gdiplus.dll
    2011-12-04 03:54 . 2010-07-26 04:23 33968 ----a-w- c:\windows\system32\anim.dll
    2011-11-24 14:15 . 2011-11-24 14:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-11-24 14:15 . 2011-11-24 14:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-13 23:20 . 2011-07-01 05:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "P2kAutostart "= "V49E" [X]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "nwiz "= "nwiz.exe" [2006-10-22 1622016]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "Lexmark X74-X75 "= "c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
    "QuickTime Task "= "d:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "SpySweeper "= "d:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2006-10-04 53760]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel "= 0 (0x0)
    "NoCommonGroups "= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{a5780613-492e-4a2a-a7fd-549610edf6cc} "= "d:\program files\VCOM\Recovery Commander\RCHOOK.DLL" [2003-06-12 102400]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "d:\program files\scanners cleaners\suuperantispyware\SASSEH.DLL" [2008-05-28 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-515967899-308236825-725345543-1003\Scripts\Logoff\0\0]
    "Script "=
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @= "Service "
    path=
    backup=
    .
    [HKLM\~\startupfolder\^.plugin141_02.trace]
    path=\.plugin141_02.trace
    .
    [HKLM\~\startupfolder\^.plugin141_07.trace]
    path=\.plugin141_07.trace
    .
    [HKLM\~\startupfolder\^.recently-used.xbel]
    path=\.recently-used.xbel
    .
    [HKLM\~\startupfolder\^a01600]
    path=\a01600
    .
    [HKLM\~\startupfolder\^NTUSER.BAK]
    path=\NTUSER.BAK
    .
    [HKLM\~\startupfolder\^NTUSER.BK1]
    path=\NTUSER.BK1
    .
    [HKLM\~\startupfolder\^NTUSER.DAT]
    path=\NTUSER.DAT
    .
    [HKLM\~\startupfolder\^ntuser.dat.LOG]
    path=\ntuser.dat.LOG
    .
    [HKLM\~\startupfolder\^ntuser.dat.rmbak]
    path=\ntuser.dat.rmbak
    .
    [HKLM\~\startupfolder\^NTUSER.DFG.LOG]
    path=\NTUSER.DFG.LOG
    .
    [HKLM\~\startupfolder\^ntuser.ini]
    path=\ntuser.ini
    .
    [HKLM\~\startupfolder\^PDF9B.PDF]
    path=\PDF9B.PDF
    .
    [HKLM\~\startupfolder\^S-1-5-21-515967899-308236825-725345543-1003.rrr.LOG]
    path=\S-1-5-21-515967899-308236825-725345543-1003.rrr.LOG
    .
    [HKLM\~\startupfolder\^the workgear outlet]
    path=\the workgear outlet
    .
    [HKLM\~\startupfolder\^WINDOWS]
    path=\WINDOWS
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mGiJpKILEPL.exe]
    c:\documents and settings\All Users\Application Data\mGiJpKILEPL.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WZCSVC "=2 (0x2)
    "iPodService "=3 (0x3)
    "SDhelper "=2 (0x2)
    "Apple Mobile Device "=2 (0x2)
    "helpsvc "=2 (0x2)
    "Bonjour Service "=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    "FirewallOverride "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications "= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "d:\\open zip\\Phoenix_Dynasty_Online_Client_7403.exe "=
    "c:\\WINDOWS\\System32\\LEXPPS.EXE "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "d:\\Program Files\\iTunes\\iTunes.exe "=
    "d:\\Program Files\\opera\\opera.exe "=
    "c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe "=
    .
    R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [9/23/2004 7:55 PM 9344]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/4/2009 9:35 PM 721904]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [9/8/2004 4:43 PM 77312]
    R1 SASDIFSV;SASDIFSV;d:\program files\scanners cleaners\suuperantispyware\SASDIFSV.SYS [10/10/2006 1:53 PM 8944]
    R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [9/23/2004 7:55 PM 449280]
    R2 IS360service;IS360service;d:\program files\IObit\IObit Security 360\is360srv.exe [2/18/2011 8:43 AM 312152]
    R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [8/10/2011 2:35 PM 227184]
    R2 Secunia Update Agent;Secunia Update Agent;d:\program files\Secunia\PSI\sua.exe [1/10/2011 8:24 AM 399416]
    R2 WRConsumerService;Webroot Client Service;d:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [3/15/2011 10:44 PM 1201640]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3/9/2011 5:40 PM 13496]
    S1 SASKUTIL;SASKUTIL;d:\progra~1\SCANNE~1\SUUPER~1\SASKUTIL.SYS [2/27/2007 12:39 PM 55024]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S3 ASEService;Aluria Spyware Eliminator Service; [x]
    S3 cpuz134;cpuz134;\??\c:\docume~1\Wizard\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Wizard\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/25/2011 8:20 PM 20480]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [9/25/2011 8:20 PM 8320]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [9/25/2011 8:20 PM 42752]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [9/25/2011 8:20 PM 24064]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
    S3 SASENUM;SASENUM;d:\progra~1\SCANNE~1\SUUPER~1\SASENUM.SYS [2/16/2006 5:51 PM 4096]
    S3 Secunia PSI Agent;Secunia PSI Agent;d:\program files\Secunia\PSI\psia.exe [1/10/2011 8:24 AM 993848]
    S3 SNDP202;Bushnell ImageView;c:\windows\system32\drivers\sndp202.sys [12/11/2010 3:52 PM 243968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 FileDeleter;ZeroSpyware FileDeleter; [x]
    S4 sdAuxService;PC Tools Auxiliary Service; [x]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 27755378
    *NewlyCreated* - 59175248
    *Deregistered* - 27755378
    *Deregistered* - 59175248
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-308236825-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
    .
    2011-12-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-308236825-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
    .
    2011-11-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-308236825-725345543-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
    .
    2011-12-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-308236825-725345543-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
    .
    2011-12-20 c:\windows\Tasks\Scheduled Checkpoint.job
    - d:\program files\VCOM\Recovery Commander\RCSCHED.EXE [2005-03-27 22:45]
    .
    2011-12-22 c:\windows\Tasks\RegCure.job
    - d:\program files\RegCure\RegCure.exe [2006-06-06 23:23]
    .
    2011-12-23 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
    - c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-12-06 21:24]
    .
    2011-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL =
    mWindow Title =
    uInternet Settings,ProxyOverride = <local>;*.local;192.168.*.*
    IE:
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: Copy to &Lightning Note - d:\program files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
    IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A171AA41-81EA-4B7A-B1E9-EE2DA907DEFC}: NameServer = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fjz5jkk0.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-23 00:11
    Windows 5.1.2600 Service Pack 2 FAT NTAPI
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-12-23 00:14:44
    ComboFix-quarantined-files.txt 2011-12-23 06:14
    ComboFix2.txt 2011-12-21 07:59
    .
    Pre-Run: 4,057,391,104 bytes free
    Post-Run: 4,129,406,976 bytes free
    .
    - - End Of File - - EC7B5F8C50EF1E9EB1E14CCD9CA583B5
     
  18. 2011/12/23
    wisserd Lifetime Subscription

    The only thing was boot time. I will reboot and let you know.
     
  19. 2011/12/23
    broni

    All looks good.
    Now I'm really off to bed.
    Leave me OTL log for the morning.
     
  20. 2011/12/23
    wisserd Lifetime Subscription

    It ran for 5 hours and hung up on scanning Firefox settings. Took 18 min from turn on to desktop, everything else works great. No problem when I turned off OTL. I will run it again while I am at work.
     
  21. 2011/12/23
    broni

    Make sure you turn your AV program off while running OTL.
     
