TechSpot

[A] Can not access search engines when plugged into our network

By Adrian Tello
Apr 26, 2012
  1. I am running Windows 7 (32-bit) via BootCamp on my MacBook Pro model A1226 Intel Core 2 Duo CPU T7500 @ 2.20GHz

    I am having a similar problem that others have had regarding not being able to access Google, Yahoo, Bing, etc. search engines. However, this only happens when I am plugged into my office network. When I connect via WiFi to other service providers (i.e. my ClearWire) I can access the search engines just fine.

    I am now following the steps as per: 5-step Viruses/Spyware/Malware Preliminary Removal Instructions
    and will be posting the results in the following replies.

    Any advice?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    No comments before I see all logs.
     
  3. Adrian Tello

    Adrian Tello TS Rookie Topic Starter

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.26.04

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Adrian :: AT [administrator]

    4/26/2012 12:21:24 PM
    mbam-log-2012-04-26 (12-21-24).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 258414
    Time elapsed: 11 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  4. Adrian Tello

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-04-26 14:32:26
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST95005620AS rev.SD26
    Running: gmer.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\fgldrpow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8EF07D92]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:324] 8637439F
    Thread System [4:380] 867F10F4

    ---- EOF - GMER 1.0.15 ----
     
  5. Adrian Tello

    I have attempted to perform Step 4: Run DDS and failed 3 times already.

    The program seems to freeze and locks the computer up, causing me to do a hard reset (no good!). I have noticed a post from 2010 where another individual had the same problem.

    Please advise.
     
  6. Broni

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. Adrian Tello

    An infected file was "Cured" by the program. See log below:

    16:00:00.0763 7196 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
    16:00:01.0468 7196 ============================================================
    16:00:01.0468 7196 Current date / time: 2012/04/27 16:00:01.0468
    16:00:01.0469 7196 SystemInfo:
    16:00:01.0469 7196
    16:00:01.0469 7196 OS Version: 6.1.7601 ServicePack: 1.0
    16:00:01.0469 7196 Product type: Workstation
    16:00:01.0469 7196 ComputerName: AT
    16:00:01.0469 7196 UserName: Adrian
    16:00:01.0469 7196 Windows directory: C:\Windows
    16:00:01.0469 7196 System windows directory: C:\Windows
    16:00:01.0469 7196 Processor architecture: Intel x86
    16:00:01.0469 7196 Number of processors: 2
    16:00:01.0469 7196 Page size: 0x1000
    16:00:01.0469 7196 Boot type: Normal boot
    16:00:01.0469 7196 ============================================================
    16:00:03.0094 7196 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    16:00:03.0100 7196 ============================================================
    16:00:03.0100 7196 \Device\Harddisk0\DR0:
    16:00:03.0100 7196 GPT partitions:
    16:00:03.0101 7196 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {08B4AB42-D72C-485A-BB96-EE4634791CF3}, Name: EFI System Partition, StartLBA 0x28, BlocksNum 0x64000
    16:00:03.0101 7196 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {48465300-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {467939D3-9419-4047-87AB-6EBEFCC97C22}, Name: Untitled, StartLBA 0x64028, BlocksNum 0x148CA8B0
    16:00:03.0101 7196 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {426F6F74-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {FBD35519-A0AA-4893-AF2F-60C9324BEA06}, Name: Recovery HD, StartLBA 0x1492E8D8, BlocksNum 0x135F28
    16:00:03.0101 7196 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {103630F8-4E0B-4E96-B0F2-A950B539842E}, Name: Untitled, StartLBA 0x14A64800, BlocksNum 0x25921800
    16:00:03.0101 7196 MBR partitions:
    16:00:03.0101 7196 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x14A64800, BlocksNum 0x25921800
    16:00:03.0101 7196 ============================================================
    16:00:03.0147 7196 C: <-> \Device\Harddisk0\DR0\Partition4
    16:00:03.0225 7196 ============================================================
    16:00:03.0225 7196 Initialize success
    16:00:03.0225 7196 ============================================================
    16:00:07.0518 7760 ============================================================
    16:00:07.0518 7760 Scan started
    16:00:07.0519 7760 Mode: Manual;
    16:00:07.0519 7760 ============================================================
    16:00:18.0177 7760 IntcAzAudAddService (94b1ff5d243d34b31380a2f79fc48959) C:\Windows\system32\drivers\RTKVHDA.sys
    16:00:18.0316 7760 IntcAzAudAddService - ok
    16:00:18.0401 7760 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    16:00:18.0404 7760 intelide - ok
    16:00:18.0415 7760 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    16:00:18.0418 7760 intelppm - ok
    16:00:18.0432 7760 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
    16:00:18.0445 7760 IPBusEnum - ok
    16:00:18.0465 7760 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    16:00:18.0468 7760 IpFilterDriver - ok
    16:00:18.0527 7760 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
    16:00:18.0539 7760 iphlpsvc - ok
    16:00:18.0560 7760 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    16:00:18.0563 7760 IPMIDRV - ok
    16:00:18.0581 7760 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    16:00:18.0594 7760 IPNAT - ok
    16:00:18.0723 7760 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
    16:00:18.0747 7760 iPod Service - ok
    16:00:18.0756 7760 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    16:00:18.0759 7760 IRENUM - ok
    16:00:18.0782 7760 IRRemoteFlt (dd4c1a21abd0c41184d3f529421e4650) C:\Windows\system32\DRIVERS\IRFilter.sys
    16:00:18.0785 7760 IRRemoteFlt - ok
    16:00:18.0800 7760 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    16:00:18.0804 7760 isapnp - ok
    16:00:18.0836 7760 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    16:00:18.0848 7760 iScsiPrt - ok
    16:00:18.0883 7760 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
    16:00:18.0885 7760 kbdclass - ok
    16:00:18.0918 7760 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
    16:00:18.0920 7760 kbdhid - ok
    16:00:18.0947 7760 KeyAgent (b2030675753ddcc51994a37563ef7c12) C:\Windows\system32\drivers\KeyAgent.sys
    16:00:18.0950 7760 KeyAgent - ok
    16:00:18.0972 7760 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    16:00:18.0975 7760 KeyIso - ok
    16:00:18.0984 7760 KeyMagic (298d7b6b8b7985c272a7e7158119a416) C:\Windows\system32\DRIVERS\KeyMagic.sys
    16:00:18.0988 7760 KeyMagic - ok
    16:00:19.0000 7760 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
    16:00:19.0004 7760 KSecDD - ok
    16:00:19.0053 7760 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
    16:00:19.0065 7760 KSecPkg - ok
    16:00:19.0095 7760 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
    16:00:19.0112 7760 KtmRm - ok
    16:00:19.0172 7760 L6PODHD5 (f7451c13eed4460017a4f848e0874b6c) C:\Windows\system32\Drivers\L6PODHD5.sys
    16:00:19.0272 7760 L6PODHD5 - ok
    16:00:19.0340 7760 L6TPortA (0e2e3cabb4723b78441e58e5899d82d9) C:\Windows\system32\Drivers\L6TPortA.sys
    16:00:19.0502 7760 L6TPortA - ok
    16:00:19.0538 7760 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
    16:00:19.0549 7760 LanmanServer - ok
    16:00:19.0590 7760 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
    16:00:19.0605 7760 LanmanWorkstation - ok
    16:00:19.0647 7760 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    16:00:19.0649 7760 lltdio - ok
    16:00:19.0671 7760 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
    16:00:19.0681 7760 lltdsvc - ok
    16:00:19.0687 7760 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
    16:00:19.0692 7760 lmhosts - ok
    16:00:19.0715 7760 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    16:00:19.0721 7760 LSI_FC - ok
    16:00:19.0730 7760 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    16:00:19.0732 7760 LSI_SAS - ok
    16:00:19.0745 7760 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    16:00:19.0748 7760 LSI_SAS2 - ok
    16:00:19.0762 7760 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    16:00:19.0767 7760 LSI_SCSI - ok
    16:00:19.0785 7760 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    16:00:19.0793 7760 luafv - ok
    16:00:19.0828 7760 LUM (beb9ca71472f2f6e1ccbb15be8db3771) C:\Windows\system32\drivers\LUM.sys
    16:00:19.0837 7760 LUM - ok
    16:00:19.0865 7760 LUMDriver (ca020db361524d1182138efeaa8cf8f3) C:\Windows\system32\drivers\LUMDriver.sys
    16:00:19.0867 7760 LUMDriver - ok
    16:00:19.0896 7760 MacHALDriver (054053f2f8e4dff6c97c4cef04fd2be0) C:\Windows\system32\drivers\MacHALDriver.sys
    16:00:19.0900 7760 MacHALDriver - ok
    16:00:19.0997 7760 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe
    16:00:20.0011 7760 McciCMService - ok
    16:00:20.0057 7760 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
    16:00:20.0062 7760 Mcx2Svc - ok
    16:00:20.0073 7760 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    16:00:20.0076 7760 megasas - ok
    16:00:20.0091 7760 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    16:00:20.0095 7760 MegaSR - ok
    16:00:20.0121 7760 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    16:00:20.0127 7760 MMCSS - ok
    16:00:20.0140 7760 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    16:00:20.0147 7760 Modem - ok
    16:00:20.0193 7760 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    16:00:20.0195 7760 monitor - ok
    16:00:20.0207 7760 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
    16:00:20.0210 7760 mouclass - ok
    16:00:20.0217 7760 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    16:00:20.0220 7760 mouhid - ok
    16:00:20.0250 7760 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    16:00:20.0254 7760 mountmgr - ok
    16:00:20.0284 7760 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    16:00:20.0296 7760 mpio - ok
    16:00:20.0310 7760 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    16:00:20.0314 7760 mpsdrv - ok
    16:00:20.0371 7760 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
    16:00:20.0390 7760 MpsSvc - ok
    16:00:20.0414 7760 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
    16:00:20.0445 7760 MREMP50 - ok
    16:00:20.0448 7760 MREMPR5 - ok
    16:00:20.0453 7760 MRENDIS5 - ok
    16:00:20.0461 7760 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    16:00:20.0489 7760 MRESP50 - ok
    16:00:20.0540 7760 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    16:00:20.0553 7760 MRxDAV - ok
    16:00:20.0601 7760 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:00:20.0617 7760 mrxsmb - ok
    16:00:20.0665 7760 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:00:20.0675 7760 mrxsmb10 - ok
    16:00:20.0698 7760 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:00:20.0707 7760 mrxsmb20 - ok
    16:00:20.0740 7760 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    16:00:20.0748 7760 msahci - ok
    16:00:20.0761 7760 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    16:00:20.0765 7760 msdsm - ok
    16:00:20.0799 7760 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
    16:00:20.0811 7760 MSDTC - ok
    16:00:20.0836 7760 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    16:00:20.0839 7760 Msfs - ok
    16:00:20.0844 7760 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    16:00:20.0851 7760 mshidkmdf - ok
    16:00:20.0873 7760 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    16:00:20.0881 7760 msisadrv - ok
    16:00:20.0917 7760 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
    16:00:20.0929 7760 MSiSCSI - ok
    16:00:20.0940 7760 msiserver - ok
    16:00:20.0945 7760 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    16:00:20.0948 7760 MSKSSRV - ok
    16:00:20.0959 7760 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    16:00:20.0961 7760 MSPCLOCK - ok
    16:00:20.0983 7760 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    16:00:20.0989 7760 MSPQM - ok
    16:00:21.0012 7760 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    16:00:21.0018 7760 MsRPC - ok
    16:00:21.0058 7760 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    16:00:21.0060 7760 mssmbios - ok
    16:00:21.0065 7760 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    16:00:21.0068 7760 MSTEE - ok
    16:00:21.0266 7760 msvsmon80 (73fa09b84b23a1897809a84f976d5d99) C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
    16:00:21.0342 7760 msvsmon80 - ok
    16:00:21.0438 7760 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    16:00:21.0445 7760 MTConfig - ok
    16:00:21.0454 7760 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    16:00:21.0462 7760 Mup - ok
    16:00:21.0518 7760 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
    16:00:21.0534 7760 napagent - ok
    16:00:21.0554 7760 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    16:00:21.0564 7760 NativeWifiP - ok
    16:00:21.0618 7760 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    16:00:21.0639 7760 NDIS - ok
    16:00:21.0650 7760 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    16:00:21.0653 7760 NdisCap - ok
    16:00:21.0691 7760 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    16:00:21.0693 7760 NdisTapi - ok
    16:00:21.0726 7760 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    16:00:21.0729 7760 Ndisuio - ok
    16:00:21.0769 7760 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    16:00:21.0790 7760 NdisWan - ok
    16:00:21.0804 7760 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    16:00:21.0806 7760 NDProxy - ok
    16:00:21.0833 7760 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\Windows\system32\DRIVERS\netaapl.sys
    16:00:21.0866 7760 Netaapl - ok
    16:00:21.0885 7760 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    16:00:21.0887 7760 NetBIOS - ok
    16:00:21.0912 7760 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    16:00:21.0919 7760 NetBT - ok
    16:00:21.0928 7760 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    16:00:21.0931 7760 Netlogon - ok
    16:00:21.0966 7760 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
    16:00:21.0978 7760 Netman - ok
     
  8. Adrian Tello

    Adrian Tello TS Rookie Topic Starter

     
  9. Adrian Tello

    Adrian Tello TS Rookie Topic Starter

    16:00:29.0044 7760 SSUService (1cfa4a1f3c7bb4c8f299e00428eb8677) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
    16:00:29.0144 7760 SSUService - ok
    16:00:29.0153 7760 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    16:00:29.0155 7760 stexstor - ok
    16:00:29.0225 7760 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
    16:00:29.0246 7760 StiSvc - ok
    16:00:29.0264 7760 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
    16:00:29.0267 7760 storflt - ok
    16:00:29.0289 7760 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
    16:00:29.0296 7760 StorSvc - ok
    16:00:29.0318 7760 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
    16:00:29.0320 7760 storvsc - ok
    16:00:29.0349 7760 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    16:00:29.0353 7760 swenum - ok
    16:00:29.0394 7760 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
    16:00:29.0414 7760 swprv - ok
    16:00:29.0484 7760 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
    16:00:29.0519 7760 SysMain - ok
    16:00:29.0534 7760 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
    16:00:29.0547 7760 TabletInputService - ok
    16:00:29.0602 7760 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
    16:00:29.0612 7760 TapiSrv - ok
    16:00:29.0623 7760 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
    16:00:29.0632 7760 TBS - ok
    16:00:29.0739 7760 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
    16:00:29.0799 7760 Tcpip - ok
    16:00:29.0929 7760 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
    16:00:29.0938 7760 TCPIP6 - ok
    16:00:30.0052 7760 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    16:00:30.0057 7760 tcpipreg - ok
    16:00:30.0085 7760 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    16:00:30.0088 7760 TDPIPE - ok
    16:00:30.0097 7760 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
    16:00:30.0100 7760 TDTCP - ok
    16:00:30.0123 7760 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    16:00:30.0127 7760 tdx - ok
    16:00:30.0153 7760 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    16:00:30.0157 7760 TermDD - ok
    16:00:30.0207 7760 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
    16:00:30.0253 7760 TermService - ok
    16:00:30.0329 7760 TFPunches (bb0bb65eec250c1f0a3dca2b0a0ef361) C:\inetpub\wwwroot\qqest\Utilities\TimeForcePunches.exe
    16:00:30.0450 7760 TFPunches - ok
    16:00:30.0492 7760 TFPunchProcessQueue (c39a40de0fe411156b0048606c82fbc3) C:\inetpub\wwwroot\qqest\Utilities\TFProcessingQueue.exe
    16:00:30.0598 7760 TFPunchProcessQueue - ok
    16:00:30.0654 7760 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
    16:00:30.0661 7760 Themes - ok
    16:00:30.0690 7760 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    16:00:30.0696 7760 THREADORDER - ok
    16:00:30.0710 7760 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
    16:00:30.0718 7760 TrkWks - ok
    16:00:30.0746 7760 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
    16:00:30.0758 7760 TrustedInstaller - ok
    16:00:30.0802 7760 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    16:00:30.0804 7760 tssecsrv - ok
    16:00:30.0853 7760 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    16:00:30.0856 7760 TsUsbFlt - ok
    16:00:30.0897 7760 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    16:00:30.0909 7760 tunnel - ok
    16:00:30.0941 7760 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    16:00:30.0944 7760 uagp35 - ok
    16:00:30.0966 7760 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    16:00:30.0975 7760 udfs - ok
    16:00:30.0991 7760 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
    16:00:30.0999 7760 UI0Detect - ok
    16:00:31.0011 7760 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    16:00:31.0015 7760 uliagpkx - ok
    16:00:31.0051 7760 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
    16:00:31.0054 7760 umbus - ok
    16:00:31.0068 7760 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    16:00:31.0071 7760 UmPass - ok
    16:00:31.0124 7760 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
    16:00:31.0144 7760 UmRdpService - ok
    16:00:31.0191 7760 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
    16:00:31.0212 7760 upnphost - ok
    16:00:31.0235 7760 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
    16:00:31.0275 7760 USBAAPL - ok
    16:00:31.0314 7760 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
    16:00:31.0328 7760 usbaudio - ok
    16:00:31.0352 7760 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    16:00:31.0366 7760 usbccgp - ok
    16:00:31.0386 7760 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    16:00:31.0399 7760 usbcir - ok
    16:00:31.0430 7760 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
    16:00:31.0434 7760 usbehci - ok
    16:00:31.0468 7760 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    16:00:31.0484 7760 usbhub - ok
    16:00:31.0496 7760 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
    16:00:31.0500 7760 usbohci - ok
    16:00:31.0524 7760 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    16:00:31.0528 7760 usbprint - ok
    16:00:31.0545 7760 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    16:00:31.0549 7760 usbscan - ok
    16:00:31.0559 7760 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
    16:00:31.0564 7760 USBSTOR - ok
    16:00:31.0592 7760 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
    16:00:31.0596 7760 usbuhci - ok
    16:00:31.0628 7760 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
    16:00:31.0640 7760 usbvideo - ok
    16:00:31.0650 7760 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
    16:00:31.0658 7760 UxSms - ok
    16:00:31.0672 7760 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    16:00:31.0677 7760 VaultSvc - ok
    16:00:31.0687 7760 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    16:00:31.0689 7760 vdrvroot - ok
    16:00:31.0742 7760 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
    16:00:31.0763 7760 vds - ok
    16:00:31.0772 7760 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    16:00:31.0775 7760 vga - ok
    16:00:31.0791 7760 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    16:00:31.0794 7760 VgaSave - ok
    16:00:31.0811 7760 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    16:00:31.0823 7760 vhdmp - ok
    16:00:31.0842 7760 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    16:00:31.0844 7760 viaagp - ok
    16:00:31.0853 7760 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    16:00:31.0856 7760 ViaC7 - ok
    16:00:31.0866 7760 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    16:00:31.0869 7760 viaide - ok
    16:00:31.0894 7760 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    16:00:31.0904 7760 vmbus - ok
    16:00:31.0916 7760 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    16:00:31.0919 7760 VMBusHID - ok
    16:00:31.0940 7760 VMMEMCTL (0c45cf9f496b2c95d3a6cab6cf1d3753) C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys
    16:00:31.0943 7760 VMMEMCTL - ok
    16:00:31.0954 7760 vmmouse (e216c7c81bf93211b0c1bbae5704e3ab) C:\Windows\system32\DRIVERS\vmmouse.sys
    16:00:31.0956 7760 vmmouse - ok
    16:00:31.0972 7760 vmscsi (82132036ee4d3e8aa3e73feebe1a9741) C:\Windows\system32\DRIVERS\vmscsi.sys
    16:00:31.0975 7760 vmscsi - ok
    16:00:32.0002 7760 VMTools (d067597f01c46e9eb7af9f99a0478a47) C:\Program Files\VMware\VMware Tools\VMwareService.exe
    16:00:32.0010 7760 VMTools - ok
    16:00:32.0039 7760 VMware Physical Disk Helper Service (e542c425912abad91b909adfb16f51bf) C:\Program Files\VMware\VMware Tools\vmacthlp.exe
    16:00:32.0045 7760 VMware Physical Disk Helper Service - ok
    16:00:32.0054 7760 vmxnet (942fb6d221e2d2bde27ffba45a984321) C:\Windows\system32\DRIVERS\vmxnet.sys
    16:00:32.0059 7760 vmxnet - ok
    16:00:32.0098 7760 vmx_svga (728fdab31c353718c1d65c244c52d4c4) C:\Windows\system32\DRIVERS\vmx_svga.sys
    16:00:32.0101 7760 vmx_svga - ok
    16:00:32.0134 7760 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    16:00:32.0137 7760 volmgr - ok
    16:00:32.0177 7760 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    16:00:32.0191 7760 volmgrx - ok
    16:00:32.0217 7760 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    16:00:32.0233 7760 volsnap - ok
    16:00:32.0269 7760 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    16:00:32.0279 7760 vsmraid - ok
    16:00:32.0438 7760 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
    16:00:32.0489 7760 VSS - ok
    16:00:32.0502 7760 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
    16:00:32.0509 7760 vwifibus - ok
    16:00:32.0523 7760 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    16:00:32.0527 7760 vwififlt - ok
    16:00:32.0538 7760 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
    16:00:32.0540 7760 vwifimp - ok
    16:00:32.0588 7760 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
    16:00:32.0602 7760 W32Time - ok
    16:00:32.0646 7760 W3SVC (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll
    16:00:32.0664 7760 W3SVC - ok
    16:00:32.0672 7760 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    16:00:32.0675 7760 WacomPen - ok
    16:00:32.0688 7760 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    16:00:32.0692 7760 WANARP - ok
    16:00:32.0696 7760 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    16:00:32.0698 7760 Wanarpv6 - ok
    16:00:32.0723 7760 WAS (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll
    16:00:32.0726 7760 WAS - ok
    16:00:32.0866 7760 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
    16:00:33.0119 7760 WatAdminSvc - ok
    16:00:33.0317 7760 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
    16:00:33.0369 7760 wbengine - ok
    16:00:33.0398 7760 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
    16:00:33.0409 7760 WbioSrvc - ok
    16:00:33.0444 7760 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
    16:00:33.0457 7760 wcncsvc - ok
    16:00:33.0478 7760 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
    16:00:33.0486 7760 WcsPlugInService - ok
    16:00:33.0513 7760 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    16:00:33.0516 7760 Wd - ok
    16:00:33.0567 7760 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
    16:00:33.0580 7760 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
    16:00:33.0581 7760 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
    16:00:33.0581 7760 Wdf01000 - detected Virus.Win32.Rloader.a (0)
    16:00:33.0595 7760 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    16:00:33.0604 7760 WdiServiceHost - ok
    16:00:33.0608 7760 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    16:00:33.0616 7760 WdiSystemHost - ok
    16:00:33.0658 7760 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
    16:00:33.0678 7760 WebClient - ok
    16:00:33.0703 7760 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
    16:00:33.0721 7760 Wecsvc - ok
    16:00:33.0739 7760 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
    16:00:33.0746 7760 wercplsupport - ok
    16:00:33.0758 7760 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
    16:00:33.0767 7760 WerSvc - ok
    16:00:33.0783 7760 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    16:00:33.0786 7760 WfpLwf - ok
    16:00:33.0794 7760 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    16:00:33.0797 7760 WIMMount - ok
    16:00:33.0870 7760 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
    16:00:33.0894 7760 WinDefend - ok
    16:00:33.0921 7760 WinHttpAutoProxySvc - ok
    16:00:33.0975 7760 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
    16:00:33.0997 7760 Winmgmt - ok
    16:00:34.0057 7760 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
    16:00:34.0088 7760 WinRM - ok
    16:00:34.0138 7760 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
    16:00:34.0141 7760 WinUsb - ok
    16:00:34.0258 7760 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
    16:00:34.0284 7760 Wlansvc - ok
    16:00:34.0361 7760 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    16:00:34.0371 7760 wlcrasvc - ok
    16:00:34.0555 7760 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    16:00:34.0601 7760 wlidsvc - ok
    16:00:34.0714 7760 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    16:00:34.0718 7760 WmiAcpi - ok
    16:00:34.0772 7760 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
    16:00:34.0780 7760 wmiApSrv - ok
    16:00:34.0882 7760 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
    16:00:34.0910 7760 WMPNetworkSvc - ok
    16:00:34.0955 7760 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
    16:00:34.0963 7760 WPCSvc - ok
    16:00:34.0997 7760 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
    16:00:35.0020 7760 WPDBusEnum - ok
    16:00:35.0041 7760 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    16:00:35.0044 7760 ws2ifsl - ok
    16:00:35.0071 7760 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
    16:00:35.0079 7760 wscsvc - ok
    16:00:35.0086 7760 WSearch - ok
    16:00:35.0257 7760 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
    16:00:35.0309 7760 wuauserv - ok
    16:00:35.0536 7760 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    16:00:35.0550 7760 WudfPf - ok
    16:00:35.0587 7760 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:00:35.0599 7760 WUDFRd - ok
    16:00:35.0626 7760 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
    16:00:35.0634 7760 wudfsvc - ok
    16:00:35.0675 7760 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
    16:00:35.0690 7760 WwanSvc - ok
    16:00:35.0762 7760 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
    16:00:35.0778 7760 yukonw7 - ok
    16:00:35.0861 7760 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    16:00:35.0932 7760 \Device\Harddisk0\DR0 - ok
    16:00:35.0943 7760 Boot (0x1200) (ec5a4169ee350e624eb64252709aaeda) \Device\Harddisk0\DR0\Partition0
    16:00:35.0944 7760 \Device\Harddisk0\DR0\Partition0 - ok
    16:00:35.0975 7760 Boot (0x1200) (394b682f0e627e60b2c939d0f39b89f8) \Device\Harddisk0\DR0\Partition1
    16:00:35.0975 7760 \Device\Harddisk0\DR0\Partition1 - ok
    16:00:36.0004 7760 Boot (0x1200) (642f50d0898020202aff6d85bcb65add) \Device\Harddisk0\DR0\Partition2
    16:00:36.0004 7760 \Device\Harddisk0\DR0\Partition2 - ok
    16:00:36.0007 7760 Boot (0x1200) (2ab7588c28d2e792ad18c33ebf794d57) \Device\Harddisk0\DR0\Partition3
    16:00:36.0009 7760 \Device\Harddisk0\DR0\Partition3 - ok
    16:00:36.0013 7760 Boot (0x1200) (2ab7588c28d2e792ad18c33ebf794d57) \Device\Harddisk0\DR0\Partition4
    16:00:36.0014 7760 \Device\Harddisk0\DR0\Partition4 - ok
    16:00:36.0015 7760 ============================================================
    16:00:36.0015 7760 Scan finished
    16:00:36.0015 7760 ============================================================
    16:00:36.0025 2636 Detected object count: 1
    16:00:36.0025 2636 Actual detected object count: 1
    16:00:54.0029 2636 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
    16:01:03.0457 2636 Backup copy not found, trying to cure infected file..
    16:01:03.0461 2636 Cure success, using it..
    16:01:03.0478 2636 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
    16:01:03.0478 2636 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
    16:01:30.0831 2696 Deinitialize success
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ====================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  11. Adrian Tello

    Adrian Tello TS Rookie Topic Starter

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-27 22:01:23
    -----------------------------
    22:01:23.745 OS Version: Windows 6.1.7601 Service Pack 1
    22:01:23.745 Number of processors: 2 586 0xF0A
    22:01:23.747 ComputerName: AT UserName:
    22:01:25.934 Initialize success
    22:01:26.533 AVAST engine defs: 12042701
    22:01:44.037 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    22:01:44.050 Disk 0 Vendor: ST95005620AS SD26 Size: 476940MB BusType: 3
    22:01:44.057 Disk 0 MBR read successfully
    22:01:44.061 Disk 0 MBR scan
    22:01:44.066 Disk 0 Windows 7 default MBR code
    22:01:44.071 Disk 0 Partition 1 00 EE GPT 200 MB offset 1
    22:01:44.077 Disk 0 Partition 2 00 AF HFS / HFS+ 168341 MB offset 409640
    22:01:44.083 Disk 0 Partition 3 00 AB Darwin boot 619 MB offset 345172184
    22:01:44.088 Disk 0 Partition 4 80 (A) 07 HPFS/NTFS NTFS 307779 MB offset 346441728
    22:01:44.097 Disk 0 scanning sectors +976773120
    22:01:44.106 Disk 0 scanning C:\Windows\system32\drivers
    22:01:48.941 Service scanning
    22:01:58.975 Modules scanning
    22:02:01.983 Disk 0 trace - called modules:
    22:02:01.999 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    22:02:02.006 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e477c8]
    22:02:02.013 3 CLASSPNP.SYS[8966659e] -> nt!IofCallDriver -> [0x85d5f918]
    22:02:02.021 5 ACPI.sys[88ec23d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85d5d030]
    22:02:02.845 AVAST engine scan C:\Windows
    22:02:06.568 AVAST engine scan C:\Windows\system32
    22:04:31.467 AVAST engine scan C:\Windows\system32\drivers
    22:04:39.525 AVAST engine scan C:\Users\Adrian
    22:12:52.110 Disk 0 MBR has been saved successfully to "C:\Users\Adrian\Desktop\MBR.dat"
    22:12:52.123 The log file has been saved successfully to "C:\Users\Adrian\Desktop\aswMBR.txt"
     
  12. Adrian Tello

    Adrian Tello TS Rookie Topic Starter

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-27 22:01:23
    -----------------------------
    22:01:23.745 OS Version: Windows 6.1.7601 Service Pack 1
    22:01:23.745 Number of processors: 2 586 0xF0A
    22:01:23.747 ComputerName: AT UserName:
    22:01:25.934 Initialize success
    22:01:26.533 AVAST engine defs: 12042701
    22:01:44.037 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    22:01:44.050 Disk 0 Vendor: ST95005620AS SD26 Size: 476940MB BusType: 3
    22:01:44.057 Disk 0 MBR read successfully
    22:01:44.061 Disk 0 MBR scan
    22:01:44.066 Disk 0 Windows 7 default MBR code
    22:01:44.071 Disk 0 Partition 1 00 EE GPT 200 MB offset 1
    22:01:44.077 Disk 0 Partition 2 00 AF HFS / HFS+ 168341 MB offset 409640
    22:01:44.083 Disk 0 Partition 3 00 AB Darwin boot 619 MB offset 345172184
    22:01:44.088 Disk 0 Partition 4 80 (A) 07 HPFS/NTFS NTFS 307779 MB offset 346441728
    22:01:44.097 Disk 0 scanning sectors +976773120
    22:01:44.106 Disk 0 scanning C:\Windows\system32\drivers
    22:01:48.941 Service scanning
    22:01:58.975 Modules scanning
    22:02:01.983 Disk 0 trace - called modules:
    22:02:01.999 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    22:02:02.006 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e477c8]
    22:02:02.013 3 CLASSPNP.SYS[8966659e] -> nt!IofCallDriver -> [0x85d5f918]
    22:02:02.021 5 ACPI.sys[88ec23d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85d5d030]
    22:02:02.845 AVAST engine scan C:\Windows
    22:02:06.568 AVAST engine scan C:\Windows\system32
    22:04:31.467 AVAST engine scan C:\Windows\system32\drivers
    22:04:39.525 AVAST engine scan C:\Users\Adrian
    22:12:52.110 Disk 0 MBR has been saved successfully to "C:\Users\Adrian\Desktop\MBR.dat"
    22:12:52.123 The log file has been saved successfully to "C:\Users\Adrian\Desktop\aswMBR.txt"
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You posted aswMBR log twice.
    I still need Bootkit Remover log.

     
  14. Adrian Tello

    Adrian Tello TS Rookie Topic Starter

    .\debug.cpp(238) : Debug log started at 28.04.2012 - 03:18:51
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 32-bit
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x82e1a000 0x00412000 "\SystemRoot\system32\ntkrnlpa.exe"
    .\debug.cpp(256) : 0x8322c000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
    .\debug.cpp(256) : 0x82d24000 0x00008000 "\SystemRoot\system32\kdcom.dll"
    .\debug.cpp(256) : 0x88c33000 0x00085000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
    .\debug.cpp(256) : 0x88cb8000 0x00011000 "\SystemRoot\system32\PSHED.dll"
    .\debug.cpp(256) : 0x88cc9000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
    .\debug.cpp(256) : 0x88cd1000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
    .\debug.cpp(256) : 0x88d13000 0x000ab000 "\SystemRoot\system32\CI.dll"
    .\debug.cpp(256) : 0x88dbe000 0x00017000 "\SystemRoot\system32\drivers\14877127.sys"
    .\debug.cpp(256) : 0x88e3a000 0x00071000 "\SystemRoot\system32\drivers\tskDC83.tmp"
    .\debug.cpp(256) : 0x88eab000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
    .\debug.cpp(256) : 0x88eb9000 0x00048000 "\SystemRoot\system32\drivers\ACPI.sys"
    .\debug.cpp(256) : 0x88f01000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
    .\debug.cpp(256) : 0x88f0a000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
    .\debug.cpp(256) : 0x88f12000 0x0002a000 "\SystemRoot\system32\drivers\pci.sys"
    .\debug.cpp(256) : 0x88f3c000 0x0000b000 "\SystemRoot\system32\drivers\vdrvroot.sys"
    .\debug.cpp(256) : 0x88f47000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
    .\debug.cpp(256) : 0x88f58000 0x00008000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
    .\debug.cpp(256) : 0x88f60000 0x0000b000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
    .\debug.cpp(256) : 0x88f6b000 0x00010000 "\SystemRoot\system32\drivers\volmgr.sys"
    .\debug.cpp(256) : 0x88f7b000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
    .\debug.cpp(256) : 0x88fc6000 0x00007000 "\SystemRoot\system32\drivers\intelide.sys"
    .\debug.cpp(256) : 0x88fcd000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
    .\debug.cpp(256) : 0x88fdb000 0x00002000 "\SystemRoot\System32\Drivers\AppleMNT.sys"
    .\debug.cpp(256) : 0x88fdd000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
    .\debug.cpp(256) : 0x88e00000 0x0002a000 "\SystemRoot\system32\drivers\vmbus.sys"
    .\debug.cpp(256) : 0x88dd5000 0x00012000 "\SystemRoot\system32\drivers\winhv.sys"
    .\debug.cpp(256) : 0x88e2a000 0x00009000 "\SystemRoot\system32\drivers\atapi.sys"
    .\debug.cpp(256) : 0x88c00000 0x00023000 "\SystemRoot\system32\drivers\ataport.SYS"
    .\debug.cpp(256) : 0x88e33000 0x00003000 "\SystemRoot\system32\DRIVERS\vmscsi.sys"
    .\debug.cpp(256) : 0x89025000 0x00026000 "\SystemRoot\system32\DRIVERS\SCSIPORT.SYS"
    .\debug.cpp(256) : 0x8904b000 0x00009000 "\SystemRoot\system32\drivers\amdxata.sys"
    .\debug.cpp(256) : 0x89054000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
    .\debug.cpp(256) : 0x89088000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
    .\debug.cpp(256) : 0x89099000 0x0000a000 "\SystemRoot\System32\Drivers\PxHelp20.sys"
    .\debug.cpp(256) : 0x890a3000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
    .\debug.cpp(256) : 0x891d2000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
    .\debug.cpp(256) : 0x89000000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
    .\debug.cpp(256) : 0x8921c000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
    .\debug.cpp(256) : 0x89279000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
    .\debug.cpp(256) : 0x89287000 0x0000d000 "\SystemRoot\System32\Drivers\AppleHFS.sys"
    .\debug.cpp(256) : 0x89294000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
    .\debug.cpp(256) : 0x8929d000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
    .\debug.cpp(256) : 0x89354000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
    .\debug.cpp(256) : 0x89392000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
    .\debug.cpp(256) : 0x8942a000 0x0014a000 "\SystemRoot\System32\drivers\tcpip.sys"
    .\debug.cpp(256) : 0x89574000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
    .\debug.cpp(256) : 0x895a5000 0x00009000 "\SystemRoot\system32\drivers\vmstorfl.sys"
    .\debug.cpp(256) : 0x895ae000 0x0003f000 "\SystemRoot\system32\drivers\volsnap.sys"
    .\debug.cpp(256) : 0x89400000 0x00018000 "\SystemRoot\system32\drivers\sbp2port.sys"
    .\debug.cpp(256) : 0x893b7000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
    .\debug.cpp(256) : 0x89418000 0x00004000 "\SystemRoot\system32\DRIVERS\prl_tg.sys"
     
  15. Adrian Tello

    Adrian Tello TS Rookie Topic Starter

    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000005f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMATSHITA_DVD-R___UJ-857E________________ZA0E____#5&1c456322&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_05AC&PID_8502&MI_00#6&33ea4ab2&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000008b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000057"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
    .\debug.cpp(400) : Destination "\Device\USBFDO-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000068"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWSP_Open"
    .\debug.cpp(400) : Destination "\Device\aswSP_Open"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
    .\debug.cpp(400) : Destination "\GLOBAL??"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#{00001124-0000-1000-8000-00805f9b34fb}_VID&0002046d_PID&b002&Col01#8&11c7c5e0&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\000000a7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000005b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&12aaee4a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_05AC&PID_8502#406A4727CC177D96_(03.00)#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
    .\debug.cpp(400) : Destination "\Device\USBFDO-5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume4"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0407&SUBSYS_00A0106B&REV_A1#4&2be83e7&0&0008#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgAviLdr"
    .\debug.cpp(400) : Destination "\Device\AvgAviLdr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000060"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
    .\debug.cpp(400) : Destination "\clfs"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&IPBusEnumRoot#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\000000ae"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2B1BCB3C-1966-49E5-8FC3-3DCC1057DB37}"
    .\debug.cpp(400) : Destination "\Device\NDMP9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Dbg"
    .\debug.cpp(400) : Destination "\Device\AVGIDS_Dbg"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
    .\debug.cpp(400) : Destination "\Device\USBFDO-6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-d06d53e6-2276-4126-b082-76c017cff9b9"
    .\debug.cpp(400) : Destination "\Device\HostProcess-d06d53e6-2276-4126-b082-76c017cff9b9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000007"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTH#MS_BTHPAN#6&20ea9a14&0&2#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\000000a5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F5421B39-3B33-490B-B3EA-B0339FADC038}"
    .\debug.cpp(400) : Destination "\Device\NDMP7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
    .\debug.cpp(400) : Destination "\Device\Secdrv"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{cd693aaa-4881-11e1-894d-806e6f6e6963}#000000294C900000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
    .\debug.cpp(400) : Destination "\Device\00000072"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{cd693aaa-4881-11e1-894d-806e6f6e6963}#0000000000000200#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_05AC&PID_8205#5&3ac66824&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-12"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
    .\debug.cpp(400) : Destination "\Device\nativewifip"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000005e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_436A&SUBSYS_00BA11AB&REV_13#4&1e153618&0&00E5#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}"
    .\debug.cpp(400) : Destination "\Device\NDMP17"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_106B2C00&REV_1001#4&434c33b&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000087"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#APP9C68#5&37a95d49&0&UID16778240#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
    .\debug.cpp(400) : Destination "\Device\000000af"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#APP9C68#5&37a95d49&0&UID16778240#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
    .\debug.cpp(400) : Destination "\Device\000000af"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000060"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_436A&SUBSYS_00BA11AB&REV_13#4&1e153618&0&00E5#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6CA2A342-016F-4CF9-B85C-785F5CCE1A09}"
    .\debug.cpp(400) : Destination "\Device\NDMP5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_05AC&PID_8502&MI_00#6&33ea4ab2&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000008b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Ack"
    .\debug.cpp(400) : Destination "\Device\AVGIDS_Ack"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
    .\debug.cpp(400) : Destination "\Device\MountPointManager"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_05AC&PID_8242#6&3687e558&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000008e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000005a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000005c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SASDIFSV"
    .\debug.cpp(400) : Destination "\Device\SASDIFSV"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
    .\debug.cpp(400) : Destination "\Device\Nsi"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
    .\debug.cpp(400) : Destination "\Device\WANARP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
    .\debug.cpp(400) : Destination "\Device\PartmgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswMonFltProxy"
    .\debug.cpp(400) : Destination "\Device\aswMonFltProxy"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USNTracker"
    .\debug.cpp(400) : Destination "\Device\USNTracker"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Handler"
    .\debug.cpp(400) : Destination "\Device\aswSP_Handler"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_05AC&PID_1297&MI_00#0#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
    .\debug.cpp(400) : Destination "\Device\IPOD0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
    .\debug.cpp(400) : Destination "\Device\NDMP11"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&37bf9d3e&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
    .\debug.cpp(400) : Destination "\Device\NXTIPSEC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{dda54a40-1e4c-11d1-a050-405705c10000}"
    .\debug.cpp(400) : Destination "\Device\00000057"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000005a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-5a551f18-90ac-11e1-956e-001b634350e9"
    .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-5a551f18-90ac-11e1-956e-001b634350e9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0006#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000005"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0005#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000004"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000064"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SASKUTIL"
    .\debug.cpp(400) : Destination "\Device\SASKUTIL"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDSShim"
    .\debug.cpp(400) : Destination "\Device\AVGIDSShim"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
    .\debug.cpp(400) : Destination "\Device\WFP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
    .\debug.cpp(400) : Destination "\Device\WwanProt"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0407&SUBSYS_00A0106B&REV_A1#4&2be83e7&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
    .\debug.cpp(400) : Destination "\Device\NDMP13"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_05AC&PID_1297#6e4aed49394e3495a07f3ee0c5289fcfdf0af7f3#{f0b32be3-6678-4879-9230-e43845d805ee}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
    .\debug.cpp(400) : Destination "\Device\ASYNCMAC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F96B1675-FF7E-4455-9F1C-0E370CAFD5FB}"
    .\debug.cpp(400) : Destination "\Device\NDMP4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
    .\debug.cpp(400) : Destination "\Device\WANARPV6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\0000006f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HGFS"
    .\debug.cpp(400) : Destination "\Device\hgfsInternal"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\000000ab"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AE964D53-7D73-4FBD-88AE-233C82CE831D}"
    .\debug.cpp(400) : Destination "\Device\NDMP2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\vmmemctl"
    .\debug.cpp(400) : Destination "\Device\vmmemctl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
    .\debug.cpp(400) : Destination "\Device\1394BUS0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-4360d8fc-f2e9-475c-9ed2-4fe651506390"
    .\debug.cpp(400) : Destination "\Device\HostProcess-4360d8fc-f2e9-475c-9ed2-4fe651506390"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000005f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000059"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0005#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000004"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#{00001124-0000-1000-8000-00805f9b34fb}_VID&0002046d_PID&b002&Col01#8&11c7c5e0&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\000000a7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_05AC&PID_021A&MI_01&Col01#7&3a4abd4e&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\000000a0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_106B2C00&REV_1001#4&434c33b&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
    .\debug.cpp(400) : Destination "\Device\00000087"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_8025&SUBSYS_00000000&REV_02#4&1549efe7&0&18F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0022"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000064"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2830&SUBSYS_00A0106B&REV_03#3&33fd14ca&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDSErHr"
    .\debug.cpp(400) : Destination "\Device\AVGIDSErHr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_106B2C00&REV_1001#4&434c33b&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
    .\debug.cpp(400) : Destination "\Device\00000087"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
    .\debug.cpp(400) : Destination "\Device\NdisWan"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
    .\debug.cpp(400) : Destination "\Device\AscKmd"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
    .\debug.cpp(400) : Destination "\Device\NDMP12"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST95005620AS____________________________SD26____#5&1735e5fa&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP2T0L0-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{848E6E0F-2A27-48DF-AE35-ADEF404102C8}"
    .\debug.cpp(400) : Destination "\Device\NDMP20"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1EC8B998-CCAF-4511-ADBA-F2642919145F}"
    .\debug.cpp(400) : Destination "\Device\NDMP18"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2e217415&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
    .\debug.cpp(400) : Destination "\Device\MPS"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&e3fd8ed&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{32e1bb24-3387-11df-a062-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2834&SUBSYS_00000000&REV_03#3&33fd14ca&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
    .\debug.cpp(400) : Destination "\Device\VolMgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
    .\debug.cpp(400) : Destination "\Device\MailSlot"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_05AC&PID_021A&MI_01&Col02#7&3a4abd4e&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\000000a1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0006#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000005"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Avar"
    .\debug.cpp(400) : Destination "\Device\aswSP_Avar"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
    .\debug.cpp(400) : Destination "\Device\NDMP15"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4C1901D8-5872-4C47-A29A-5D1F9127CA52}"
    .\debug.cpp(400) : Destination "\Device\NDMP10"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&38f7d4cd&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR"
    .\debug.cpp(400) : Destination "\Device\ASWRDR"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
    .\debug.cpp(400) : Destination "\Device\NDMP14"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2836&SUBSYS_00A0106B&REV_03#3&33fd14ca&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
    .\debug.cpp(400) : Destination "\DosDevices\COM1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&341b99a6&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination ""
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{98E00350-C921-4E32-AC53-57198D2CEB75}"
    .\debug.cpp(400) : Destination "\Device\NDMP25"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTH#MS_BTHPAN#6&20ea9a14&0&2#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\000000a5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
    .\debug.cpp(400) : Destination "\Device\SstpDrv"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5C1FD504-7B4C-4788-AD4C-27C3F856704B}"
    .\debug.cpp(400) : Destination "\Device\NDMP1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Ctl"
    .\debug.cpp(400) : Destination "\Device\AVGIDS_Ctl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
    .\debug.cpp(400) : Destination "\Device\Ndisuio"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000063"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
    .\debug.cpp(400) : Destination "\Device\Null"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
    .\debug.cpp(400) : Destination "\Device\00000067"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{435EF413-5D89-40F8-8E8D-6D64B9CEFD01}"
    .\debug.cpp(400) : Destination "\Device\NDMP24"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{e849804e-c719-43d8-ac88-96b894c191e2}"
    .\debug.cpp(400) : Destination "\Device\00000072"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&13461710&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
    .\debug.cpp(400) : Destination "\Device\WfpAle"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000062"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_05AC&PID_8205#5&3ac66824&0&1#{0850302a-b344-4fda-9be9-90576b8d46f0}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-12"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000005d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Evt"
    .\debug.cpp(400) : Destination "\Device\AVGIDS_Evt"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15_-_Intel(R)_Core(TM)2_Duo_CPU_____T7500__@_2.20GHz#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\0000006a"
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000029`4c900000
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1152) : Done;
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. Adrian Tello

    Adrian Tello TS Rookie Topic Starter

    I tried running combo fix after disabling all antivirus software (even deleting AVG) but it seems to hang on the blue screen and following words:
    Scanning for infected files...
    This typically doesn't take more than 10 minutes
    However, scan times for badly infected machines may easily double

    Is it safe to say it's still working or should I do it in safe mode and/or use RKill?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go ahead and try safe mode.
     
  19. Adrian Tello

    Adrian Tello TS Rookie Topic Starter

    I followed your steps to the "T" and still have not been able to successfully run combofix. In both regular and safe mode (I let safe mode run overnight) it would just hang on the blue screen showing the text in my last post. However, I was able to run Rkill in both safe and regular mode successfully (see both logs below).

    What could I be doing wrong?

    Rkill Regular Mode:
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 05/02/2012 at 16:06:06.
    Operating System: Windows 7 Professional


    Processes terminated by Rkill or while it was running:

    C:\Windows\system32\sppsvc.exe
    C:\Program Files\AVAST Software\Avast\defs\12050201\Sf.bin


    Rkill completed on 05/02/2012 at 16:06:36.
    .
    .
    .

    Rkill Safe Mode:
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 05/02/2012 at 16:40:57.
    Operating System: Windows 7 Professional


    Processes terminated by Rkill or while it was running:



    Rkill completed on 05/02/2012 at 16:40:59.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
Topic Status:
Not open for further replies.
