TechSpot

Fake AV redirect to 206.161.121.6

By JeffreyG
Jun 5, 2012
  1. I keep getting my Symantec Endpoint notifying me that there is a fake redirect to IP 206.161.121.6, but when I run Malwarebytes there is nothing that shows up. Please help.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    I recently performed a full system scan. Can I include that log or should I give you the log from the earlier quick scan?
     
  4. Broni

    The most recent scan will be fine.
     
  5. JeffreyG

    Would you like all three logs in the same post or first to look at the Malwarebytes log?
     
  6. Broni

    It doesn't matter to me.
     
  7. JeffreyG

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.05.05
    Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.7601.17514
    drgewirtz :: DR-OFFICE [administrator]
    6/5/2012 11:30:31 AM
    mbam-log-2012-06-05 (11-30-31).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 252203
    Time elapsed: 8 minute(s), 24 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  8. JeffreyG

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-06-05 15:19:18
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600AAJS-60Z0A0 rev.03.03E03
    Running: k4mchwto.exe; Driver: C:\Users\DRGEWI~1\AppData\Local\Temp\pxloqpog.sys

    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    ---- EOF - GMER 1.0.15 ----
     
  9. JeffreyG

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514
    Run by drgewirtz at 15:22:44 on 2012-06-05
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1245 [GMT -4:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
    C:\Windows\system32\Dwm.exe
    c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
    c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Windows\system32\conhost.exe
    c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\conhost.exe
     
  10. JeffreyG

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/25/2010 11:41:21 AM
    System Uptime: 6/5/2012 11:40:49 AM (4 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3047h
    Processor: AMD Athlon(tm) II X2 B24 Processor | XU1 PROCESSOR | 780/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 140 GiB total, 67.822 GiB free.
    D: is FIXED (NTFS) - 7 GiB total, 0.804 GiB free.
    E: is CDROM ()
    O: is NetworkDisk (NTFS) - 466 GiB total, 46.936 GiB free.
    Z: is NetworkDisk (NTFS) - 466 GiB total, 46.936 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F13\4&28AAC799&0
    Manufacturer: Microsoft
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F13\4&28AAC799&0
    Service: i8042prt
    .
    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standard PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&28AAC799&0
    Manufacturer: (Standard keyboards)
    Name: Standard PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&28AAC799&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP131: 5/21/2012 10:22:22 AM - Scheduled Checkpoint
    RP132: 5/24/2012 11:19:59 PM - HPSF Restore Point
    RP143: 6/4/2012 10:06:05 AM - Restore Operation
    RP144: 6/5/2012 1:33:04 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.3)
    AMD Fuel
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    ATI Problem Report Wizard
    ATI Stream SDK v2 Developer
    Bonjour
    Broadcom Management Programs
    BufferChm
    Carbonite
    Catalyst Control Center - Branding
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    CustomerResearchQFolder
    CyberPower PowerPanel Personal Edition 1.2.7
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DeviceDiscovery
    DeviceManagementQFolder
    Dropbox
    G3WebToolkit
    Google Chrome
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist Corporate
    Hewlett-Packard ACLM.NET v1.1.1.0
    HP Color LaserJet CM2320 MFP Series 3.1
    HP Customer Experience Enhancements
    HP Customer Participation Program 10.0
    HP Imaging Device Functions 10.0
    HP SkyRoom
    HP Support Assistant
    HPAsset component for HP Active Support Library
    hppCLJCM2320
    hppFaxDrvCM2320
    hppFaxUtilityCM2320
    hppFonts
    hppManualsCM2320
    hppQFolderCM2320
    hppScanToCM2320
    hppSendFaxCM2320
    hppusgCM2320
    HydraVision
    iCloud
    iTunes
    Java(TM) 6 Update 26
    LiveUpdate 3.3 (Symantec Corporation)
    LogMeIn
    Malwarebytes Anti-Malware version 1.61.0.1400
    MarketResearch
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Forefront UAG endpoint components v4.0.0
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Business 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Norton Online Backup
    PDF Complete Special Edition
    QuickBooks
    QuickBooks Pro 2012
    QuickTime
    RAIDXpert
    Realtek High Definition Audio Driver
    Remote Graphics Receiver
    Remote Graphics Sender
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    SupportSoft Assisted Service
    Symantec Endpoint Protection
    TigerView Professional
    TRAKnet PM
    TrayApp
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    WebReg
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/5/2012 9:21:45 AM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    6/5/2012 9:01:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    6/5/2012 9:01:37 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/5/2012 9:01:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    6/5/2012 8:59:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    6/5/2012 8:46:15 AM, Error: Microsoft-Windows-GroupPolicy [1006] - The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
    6/5/2012 8:35:39 AM, Error: Service Control Manager [7023] - The Application Experience service terminated with the following error: Not enough storage is available to process this command.
    6/5/2012 6:39:00 AM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
    6/5/2012 12:07:43 AM, Error: Service Control Manager [7023] - The Multimedia Class Scheduler service terminated with the following error: Not enough storage is available to process this command.
    6/5/2012 11:42:57 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    6/5/2012 11:41:28 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain DR due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    6/5/2012 11:36:26 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/5/2012 11:27:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    6/5/2012 11:27:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/5/2012 11:27:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/5/2012 11:27:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    6/5/2012 11:27:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/5/2012 11:27:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
    6/5/2012 11:27:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/5/2012 11:27:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache eeCtrl SPBBCDrv spldr SRTSP SRTSPX SYMTDI Wanarpv6
    6/5/2012 11:20:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    6/5/2012 11:20:06 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/5/2012 11:19:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
    6/5/2012 11:19:37 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/5/2012 11:19:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    6/5/2012 11:19:08 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/5/2012 11:18:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    6/5/2012 10:10:23 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.
    6/5/2012 10:08:37 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A thread could not be created for the service.
    6/5/2012 1:31:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    6/5/2012 1:31:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    6/5/2012 1:31:36 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/4/2012 9:26:53 AM, Error: Service Control Manager [7023] - The Shell Hardware Detection service terminated with the following error: Not enough storage is available to process this command.
    6/4/2012 9:02:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1054" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/4/2012 8:53:32 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
    6/4/2012 8:52:54 AM, Error: AeLookupSvc [1] - The Application Experience Lookup service failed to initialize.
    6/1/2012 8:49:45 AM, Error: Service Control Manager [7034] - The Application Management service terminated unexpectedly. It has done this 1 time(s).
    5/31/2012 4:00:29 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    5/31/2012 3:38:02 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    5/31/2012 3:23:00 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    .
    ==== End Of File ===========================
     
  11. Broni

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    =======================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  12. JeffreyG

    duplicate
     
  13. JeffreyG

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-05 15:38:31
    -----------------------------
    15:38:31.365 OS Version: Windows 6.1.7601 Service Pack 1
    15:38:31.365 Number of processors: 2 586 0x602
    15:38:31.365 ComputerName: DR-OFFICE UserName: drgewirtz
    15:38:34.220 Initialize success
    15:44:11.953 AVAST engine defs: 12060501
    15:45:13.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    15:45:13.187 Disk 0 Vendor: WDC_WD1600AAJS-60Z0A0 03.03E03 Size: 152627MB BusType: 11
    15:45:13.187 Disk 0 MBR read successfully
    15:45:13.187 Disk 0 MBR scan
    15:45:13.203 Disk 0 Windows 7 default MBR code
    15:45:13.203 Disk 0 MBR hidden
    15:45:13.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 2047 MB offset 2048
    15:45:13.234 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 143209 MB offset 4194304
    15:45:13.265 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 7360 MB offset 297486336
    15:45:13.265 Disk 0 scanning sectors +312559616
    15:45:13.343 Disk 0 scanning C:\Windows\system32\drivers
    15:45:26.480 Service scanning
    15:45:54.110 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
    15:45:54.874 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
    15:45:59.710 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
    15:45:59.804 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
    15:46:00.881 Modules scanning
    15:46:23.565 Disk 0 trace - called modules:
    15:46:23.565 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868b44b1]<<
    15:46:23.580 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8658c030]
    15:46:23.580 3 CLASSPNP.SYS[8b3b159e] -> nt!IofCallDriver -> [0x868d3028]
    15:46:23.596 \Driver\atapi[0x86845798] -> IRP_MJ_CREATE -> 0x868b44b1
    15:46:25.047 AVAST engine scan C:\Windows
    15:46:28.291 AVAST engine scan C:\Windows\system32
    15:50:57.319 AVAST engine scan C:\Windows\system32\drivers
    15:51:12.234 AVAST engine scan C:\Users\drgewirtz
    15:57:36.504 Disk 0 MBR has been saved successfully to "C:\Users\drgewirtz\Desktop\MBR.dat"
    15:57:36.519 The log file has been saved successfully to "C:\Users\drgewirtz\Desktop\aswMBR.txt"
     
  14. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    I still need Bootkit Remover log.
    You posted Attach.txt part of DDS instead.
     
  15. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    \debug.cpp(238) : Debug log started at 05.06.2012 - 19:36:53
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 32-bit
     
  16. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`80000000
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 149 GB \\.\PhysicalDrive0 Controlled by rootkit!
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1136) : Boot code on some of your physical disks is hidden by a rootkit.
    .\boot_cleaner.cpp(1138) : To disinfect the master boot sector, use the following command:
    .\boot_cleaner.cpp(1139) : remover.exe fix <device_name>
    .\boot_cleaner.cpp(1143) : To inspect the boot code manually, dump the master boot sector:
    .\boot_cleaner.cpp(1144) : remover.exe dump <device_name> [output_file]
    .\boot_cleaner.cpp(1147) :
    .\boot_cleaner.cpp(1152) : Done;
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  18. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    16:52:58.0275 7856 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
    16:52:58.0650 7856 ============================================================
    16:52:58.0650 7856 Current date / time: 2012/06/05 16:52:58.0650
    16:52:58.0650 7856 SystemInfo:
    16:52:58.0650 7856
    16:52:58.0650 7856 OS Version: 6.1.7601 ServicePack: 1.0
    16:52:58.0650 7856 Product type: Workstation
    16:52:58.0650 7856 ComputerName: DR-OFFICE
    16:52:58.0650 7856 UserName: drgewirtz
    16:52:58.0650 7856 Windows directory: C:\Windows
    16:52:58.0650 7856 System windows directory: C:\Windows
    16:52:58.0650 7856 Processor architecture: Intel x86
    16:52:58.0650 7856 Number of processors: 2
    16:52:58.0650 7856 Page size: 0x1000
    16:52:58.0650 7856 Boot type: Normal boot
    16:52:58.0650 7856 ============================================================
    16:52:59.0851 7856 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    16:52:59.0851 7856 ============================================================
    16:52:59.0851 7856 \Device\Harddisk0\DR0:
    16:52:59.0851 7856 MBR partitions:
    16:52:59.0851 7856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3FF800
    16:52:59.0851 7856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x400000, BlocksNum 0x117B4800
    16:52:59.0851 7856 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11BB4800, BlocksNum 0xE60000
    16:52:59.0851 7856 ============================================================
    16:52:59.0882 7856 C: <-> \Device\Harddisk0\DR0\Partition1
    16:52:59.0929 7856 D: <-> \Device\Harddisk0\DR0\Partition2
    16:52:59.0929 7856 ============================================================
    16:52:59.0929 7856 Initialize success
    16:52:59.0929 7856 ============================================================
    16:53:26.0856 7956 ============================================================
    16:53:26.0856 7956 Scan started
    16:53:26.0856 7956 Mode: Manual;
    16:53:26.0856 7956 ============================================================
     
  19. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    16:53:45.0562 7956 Msfs - ok
    16:53:45.0577 7956 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    16:53:45.0577 7956 mshidkmdf - ok
    16:53:45.0624 7956 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    16:53:45.0624 7956 msisadrv - ok
    16:53:45.0655 7956 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
    16:53:45.0671 7956 MSiSCSI - ok
    16:53:45.0671 7956 msiserver - ok
    16:53:45.0702 7956 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    16:53:45.0702 7956 MSKSSRV - ok
    16:53:45.0718 7956 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    16:53:45.0718 7956 MSPCLOCK - ok
    16:53:45.0749 7956 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    16:53:45.0749 7956 MSPQM - ok
    16:53:45.0780 7956 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    16:53:45.0780 7956 MsRPC - ok
    16:53:45.0811 7956 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    16:53:45.0811 7956 mssmbios - ok
    16:53:45.0827 7956 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    16:53:45.0827 7956 MSTEE - ok
    16:53:45.0842 7956 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    16:53:45.0858 7956 MTConfig - ok
    16:53:45.0858 7956 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    16:53:45.0858 7956 Mup - ok
    16:53:45.0936 7956 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
    16:53:45.0936 7956 napagent - ok
    16:53:45.0983 7956 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    16:53:45.0998 7956 NativeWifiP - ok
    16:53:46.0154 7956 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101028.041\NAVENG.SYS
    16:53:46.0170 7956 NAVENG - ok
    16:53:46.0295 7956 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101028.041\NAVEX15.SYS
    16:53:46.0342 7956 NAVEX15 - ok
    16:53:46.0544 7956 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    16:53:46.0560 7956 NDIS - ok
    16:53:46.0591 7956 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    16:53:46.0607 7956 NdisCap - ok
    16:53:46.0622 7956 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    16:53:46.0622 7956 NdisTapi - ok
    16:53:46.0669 7956 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    16:53:46.0685 7956 Ndisuio - ok
    16:53:46.0747 7956 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    16:53:46.0763 7956 NdisWan - ok
    16:53:46.0810 7956 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    16:53:46.0825 7956 NDProxy - ok
    16:53:46.0888 7956 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
    16:53:46.0888 7956 Net Driver HPZ12 - ok
    16:53:46.0919 7956 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    16:53:46.0919 7956 NetBIOS - ok
    16:53:46.0981 7956 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    16:53:46.0981 7956 NetBT - ok
    16:53:47.0028 7956 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    16:53:47.0028 7956 Netlogon - ok
    16:53:47.0106 7956 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
    16:53:47.0122 7956 Netman - ok
    16:53:47.0246 7956 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    16:53:47.0262 7956 NetMsmqActivator - ok
    16:53:47.0278 7956 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    16:53:47.0278 7956 NetPipeActivator - ok
    16:53:47.0324 7956 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
    16:53:47.0324 7956 netprofm - ok
    16:53:47.0340 7956 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    16:53:47.0340 7956 NetTcpActivator - ok
    16:53:47.0340 7956 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    16:53:47.0340 7956 NetTcpPortSharing - ok
    16:53:47.0371 7956 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    16:53:47.0371 7956 nfrd960 - ok
    16:53:47.0434 7956 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
    16:53:47.0434 7956 NlaSvc - ok
    16:53:47.0449 7956 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    16:53:47.0449 7956 Npfs - ok
    16:53:47.0465 7956 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
    16:53:47.0465 7956 nsi - ok
    16:53:47.0480 7956 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    16:53:47.0480 7956 nsiproxy - ok
    16:53:47.0621 7956 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    16:53:47.0652 7956 Ntfs - ok
    16:53:47.0808 7956 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    16:53:47.0808 7956 Null - ok
    16:53:47.0855 7956 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    16:53:47.0886 7956 nvraid - ok
    16:53:47.0917 7956 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    16:53:47.0917 7956 nvstor - ok
    16:53:47.0949 7956 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    16:53:47.0964 7956 nv_agp - ok
    16:53:47.0995 7956 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    16:53:48.0011 7956 ohci1394 - ok
    16:53:48.0089 7956 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:53:48.0136 7956 ose - ok
    16:53:48.0557 7956 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    16:53:48.0619 7956 osppsvc - ok
    16:53:48.0775 7956 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    16:53:48.0791 7956 p2pimsvc - ok
    16:53:48.0853 7956 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
    16:53:48.0853 7956 p2psvc - ok
    16:53:48.0931 7956 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    16:53:48.0931 7956 Parport - ok
    16:53:48.0978 7956 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
    16:53:48.0978 7956 partmgr - ok
    16:53:48.0994 7956 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    16:53:48.0994 7956 Parvdm - ok
    16:53:49.0025 7956 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
    16:53:49.0025 7956 PcaSvc - ok
    16:53:49.0072 7956 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    16:53:49.0087 7956 pci - ok
    16:53:49.0103 7956 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    16:53:49.0103 7956 pciide - ok
    16:53:49.0165 7956 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    16:53:49.0181 7956 pcmcia - ok
    16:53:49.0212 7956 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    16:53:49.0212 7956 pcw - ok
    16:53:49.0259 7956 pdfcDispatcher - ok
    16:53:49.0321 7956 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    16:53:49.0337 7956 PEAUTH - ok
    16:53:49.0446 7956 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
    16:53:49.0477 7956 PeerDistSvc - ok
    16:53:49.0649 7956 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
    16:53:49.0680 7956 pla - ok
    16:53:49.0852 7956 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
    16:53:49.0867 7956 PlugPlay - ok
    16:53:49.0914 7956 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
    16:53:49.0914 7956 Pml Driver HPZ12 - ok
    16:53:49.0945 7956 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
    16:53:49.0945 7956 PNRPAutoReg - ok
    16:53:49.0977 7956 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    16:53:49.0977 7956 PNRPsvc - ok
    16:53:50.0055 7956 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
    16:53:50.0055 7956 PolicyAgent - ok
    16:53:50.0117 7956 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
    16:53:50.0133 7956 Power - ok
    16:53:50.0320 7956 ppped (d483893aa28f060d2b2cdb69586d1cdb) C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
    16:53:50.0335 7956 ppped - ok
    16:53:50.0382 7956 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    16:53:50.0398 7956 PptpMiniport - ok
    16:53:50.0429 7956 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    16:53:50.0445 7956 Processor - ok
    16:53:50.0538 7956 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
    16:53:50.0538 7956 ProfSvc - ok
    16:53:50.0585 7956 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    16:53:50.0601 7956 ProtectedStorage - ok
    16:53:50.0632 7956 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    16:53:50.0632 7956 Psched - ok
    16:53:50.0757 7956 QBCFMonitorService (933d92f0bd1d7a9835cd8a8b1235a11e) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    16:53:50.0757 7956 QBCFMonitorService - ok
    16:53:50.0850 7956 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    16:53:50.0866 7956 QBFCService - ok
    16:53:51.0037 7956 QBVSS (25fc19badf78b7fb1d835aac4b0b91a5) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    16:53:51.0037 7956 QBVSS - ok
    16:53:51.0287 7956 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    16:53:51.0334 7956 ql2300 - ok
    16:53:51.0428 7956 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    16:53:51.0443 7956 ql40xx - ok
    16:53:51.0490 7956 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
    16:53:51.0490 7956 QWAVE - ok
    16:53:51.0506 7956 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    16:53:51.0521 7956 QWAVEdrv - ok
    16:53:51.0537 7956 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    16:53:51.0537 7956 RasAcd - ok
    16:53:51.0568 7956 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    16:53:51.0568 7956 RasAgileVpn - ok
    16:53:51.0584 7956 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
    16:53:51.0584 7956 RasAuto - ok
    16:53:51.0599 7956 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    16:53:51.0615 7956 Rasl2tp - ok
    16:53:51.0677 7956 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
    16:53:51.0677 7956 RasMan - ok
    16:53:51.0693 7956 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    16:53:51.0693 7956 RasPppoe - ok
    16:53:51.0724 7956 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    16:53:51.0724 7956 RasSstp - ok
    16:53:51.0786 7956 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    16:53:51.0802 7956 rdbss - ok
    16:53:51.0818 7956 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    16:53:51.0818 7956 rdpbus - ok
    16:53:51.0864 7956 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    16:53:51.0864 7956 RDPCDD - ok
    16:53:51.0880 7956 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
    16:53:51.0896 7956 RDPDR - ok
    16:53:51.0927 7956 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    16:53:51.0927 7956 RDPENCDD - ok
    16:53:51.0942 7956 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    16:53:51.0942 7956 RDPREFMP - ok
    16:53:51.0989 7956 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
    16:53:52.0020 7956 RDPWD - ok
    16:53:52.0083 7956 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    16:53:52.0098 7956 rdyboost - ok
    16:53:52.0114 7956 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
    16:53:52.0114 7956 RemoteAccess - ok
    16:53:52.0145 7956 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
    16:53:52.0145 7956 RemoteRegistry - ok
    16:53:52.0317 7956 rgsender (559a9654f993b2fafe900043242874c2) c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
    16:53:52.0317 7956 rgsender - ok
    16:53:52.0348 7956 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
    16:53:52.0348 7956 RpcEptMapper - ok
    16:53:52.0364 7956 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
    16:53:52.0379 7956 RpcLocator - ok
    16:53:52.0442 7956 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    16:53:52.0442 7956 RpcSs - ok
    16:53:52.0488 7956 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    16:53:52.0504 7956 rspndr - ok
    16:53:52.0535 7956 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    16:53:52.0535 7956 s3cap - ok
    16:53:52.0566 7956 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    16:53:52.0566 7956 SamSs - ok
    16:53:52.0613 7956 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    16:53:52.0629 7956 sbp2port - ok
    16:53:52.0676 7956 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
    16:53:52.0676 7956 SCardSvr - ok
    16:53:52.0722 7956 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    16:53:52.0738 7956 scfilter - ok
    16:53:52.0847 7956 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
    16:53:52.0863 7956 Schedule - ok
    16:53:52.0910 7956 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    16:53:52.0910 7956 SCPolicySvc - ok
    16:53:52.0972 7956 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
    16:53:52.0972 7956 SDRSVC - ok
    16:53:53.0019 7956 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    16:53:53.0019 7956 secdrv - ok
    16:53:53.0050 7956 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
    16:53:53.0050 7956 seclogon - ok
    16:53:53.0081 7956 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
    16:53:53.0097 7956 SENS - ok
    16:53:53.0128 7956 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
    16:53:53.0128 7956 SensrSvc - ok
    16:53:53.0144 7956 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    16:53:53.0144 7956 Serenum - ok
    16:53:53.0175 7956 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    16:53:53.0175 7956 Serial - ok
    16:53:53.0222 7956 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    16:53:53.0237 7956 sermouse - ok
    16:53:53.0300 7956 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
    16:53:53.0315 7956 SessionEnv - ok
    16:53:53.0346 7956 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    16:53:53.0362 7956 sffdisk - ok
    16:53:53.0378 7956 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    16:53:53.0393 7956 sffp_mmc - ok
    16:53:53.0409 7956 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    16:53:53.0409 7956 sffp_sd - ok
    16:53:53.0424 7956 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    16:53:53.0424 7956 sfloppy - ok
    16:53:53.0471 7956 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
    16:53:53.0471 7956 SharedAccess - ok
    16:53:53.0549 7956 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
    16:53:53.0549 7956 ShellHWDetection - ok
    16:53:53.0580 7956 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    16:53:53.0596 7956 sisagp - ok
    16:53:53.0627 7956 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    16:53:53.0627 7956 SiSRaid2 - ok
    16:53:53.0643 7956 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    16:53:53.0658 7956 SiSRaid4 - ok
    16:53:53.0674 7956 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    16:53:53.0690 7956 Smb - ok
    16:53:53.0986 7956 SmcService (0dc94380be7d36ae241029c72807692e) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    16:53:54.0002 7956 SmcService - ok
    16:53:54.0064 7956 SNAC (65e1ebf379856b677979802c8d5bcd87) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
    16:53:54.0111 7956 SNAC - ok
    16:53:54.0267 7956 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
    16:53:54.0267 7956 SNMPTRAP - ok
    16:53:54.0407 7956 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    16:53:54.0438 7956 SPBBCDrv - ok
    16:53:54.0470 7956 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    16:53:54.0470 7956 spldr - ok
    16:53:54.0532 7956 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
    16:53:54.0548 7956 Spooler - ok
    16:53:54.0844 7956 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
    16:53:54.0875 7956 sppsvc - ok
    16:53:55.0031 7956 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
    16:53:55.0031 7956 sppuinotify - ok
    16:53:55.0125 7956 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\Windows\system32\Drivers\SRTSP.SYS
    16:53:55.0125 7956 SRTSP - ok
    16:53:55.0187 7956 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\Windows\system32\Drivers\SRTSPL.SYS
    16:53:55.0219 7956 SRTSPL - ok
    16:53:55.0265 7956 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\Windows\system32\Drivers\SRTSPX.SYS
    16:53:55.0265 7956 SRTSPX - ok
    16:53:55.0328 7956 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
    16:53:55.0343 7956 srv - ok
    16:53:55.0375 7956 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
    16:53:55.0390 7956 srv2 - ok
    16:53:55.0406 7956 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
    16:53:55.0421 7956 srvnet - ok
    16:53:55.0453 7956 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
    16:53:55.0468 7956 SSDPSRV - ok
    16:53:55.0484 7956 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
    16:53:55.0484 7956 SstpSvc - ok
    16:53:55.0515 7956 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    16:53:55.0515 7956 stexstor - ok
    16:53:55.0609 7956 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
    16:53:55.0624 7956 StillCam - ok
    16:53:55.0796 7956 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
    16:53:55.0811 7956 StiSvc - ok
    16:53:55.0843 7956 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
    16:53:55.0843 7956 storflt - ok
    16:53:55.0858 7956 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
    16:53:55.0858 7956 StorSvc - ok
    16:53:55.0874 7956 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
    16:53:55.0889 7956 storvsc - ok
    16:53:55.0905 7956 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    16:53:55.0905 7956 swenum - ok
    16:53:55.0952 7956 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
    16:53:55.0983 7956 swprv - ok
    16:53:56.0264 7956 Symantec AntiVirus (f3a4ead0b3946e439f0397f7a4d09952) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    16:53:56.0279 7956 Symantec AntiVirus - ok
    16:53:56.0482 7956 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
    16:53:56.0498 7956 SymEvent - ok
    16:53:56.0545 7956 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
    16:53:56.0545 7956 SYMREDRV - ok
    16:53:56.0576 7956 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
    16:53:56.0576 7956 SYMTDI - ok
    16:53:56.0732 7956 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
    16:53:56.0747 7956 SysMain - ok
    16:53:56.0810 7956 SysPlant (5dcc2c7acc29dfba5ba82ed47d99c7e5) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
    16:53:56.0810 7956 SysPlant - ok
    16:53:56.0857 7956 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
    16:53:56.0872 7956 TabletInputService - ok
    16:53:56.0935 7956 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
    16:53:56.0935 7956 TapiSrv - ok
    16:53:56.0966 7956 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
    16:53:56.0981 7956 TBS - ok
    16:53:57.0137 7956 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
    16:53:57.0184 7956 Tcpip - ok
    16:53:57.0465 7956 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
    16:53:57.0481 7956 TCPIP6 - ok
    16:53:57.0637 7956 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    16:53:57.0637 7956 tcpipreg - ok
    16:53:57.0683 7956 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    16:53:57.0699 7956 TDPIPE - ok
    16:53:57.0730 7956 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
    16:53:57.0746 7956 TDTCP - ok
    16:53:57.0793 7956 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    16:53:57.0808 7956 tdx - ok
    16:53:57.0855 7956 Teefer2 (1d3c046a9106de97ddc8276958700bf4) C:\Windows\system32\DRIVERS\teefer2.sys
    16:53:57.0871 7956 Teefer2 - ok
    16:53:57.0917 7956 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    16:53:57.0917 7956 TermDD - ok
    16:53:58.0011 7956 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
    16:53:58.0027 7956 TermService - ok
    16:53:58.0058 7956 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
    16:53:58.0058 7956 Themes - ok
    16:53:58.0089 7956 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    16:53:58.0089 7956 THREADORDER - ok
    16:53:58.0120 7956 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
    16:53:58.0120 7956 TPM - ok
    16:53:58.0151 7956 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
    16:53:58.0151 7956 TrkWks - ok
    16:53:58.0229 7956 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
    16:53:58.0261 7956 TrustedInstaller - ok
    16:53:58.0276 7956 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    16:53:58.0292 7956 tssecsrv - ok
    16:53:58.0323 7956 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    16:53:58.0354 7956 TsUsbFlt - ok
    16:53:58.0417 7956 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    16:53:58.0432 7956 tunnel - ok
    16:53:58.0464 7956 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    16:53:58.0479 7956 uagp35 - ok
    16:53:58.0573 7956 uagqecsvc (9474ece6561990f7eb443e80cdfd2951) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
    16:53:58.0573 7956 uagqecsvc - ok
    16:53:58.0635 7956 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    16:53:58.0666 7956 udfs - ok
    16:53:58.0698 7956 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
    16:53:58.0698 7956 UI0Detect - ok
    16:53:58.0744 7956 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    16:53:58.0744 7956 uliagpkx - ok
    16:53:58.0791 7956 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
    16:53:58.0791 7956 umbus - ok
    16:53:58.0822 7956 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    16:53:58.0838 7956 UmPass - ok
    16:53:58.0900 7956 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
    16:53:58.0900 7956 UmRdpService - ok
    16:53:58.0932 7956 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
    16:53:58.0947 7956 upnphost - ok
    16:53:58.0994 7956 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
    16:53:58.0994 7956 USBAAPL - ok
    16:53:59.0056 7956 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    16:53:59.0056 7956 usbccgp - ok
    16:53:59.0103 7956 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    16:53:59.0134 7956 usbcir - ok
    16:53:59.0166 7956 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
    16:53:59.0166 7956 usbehci - ok
    16:53:59.0212 7956 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    16:53:59.0228 7956 usbhub - ok
    16:53:59.0244 7956 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
    16:53:59.0244 7956 usbohci - ok
    16:53:59.0275 7956 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    16:53:59.0275 7956 usbprint - ok
    16:53:59.0290 7956 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    16:53:59.0290 7956 usbscan - ok
    16:53:59.0322 7956 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    16:53:59.0322 7956 USBSTOR - ok
    16:53:59.0337 7956 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
    16:53:59.0337 7956 usbuhci - ok
    16:53:59.0384 7956 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
    16:53:59.0384 7956 UxSms - ok
    16:53:59.0478 7956 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    16:53:59.0478 7956 VaultSvc - ok
    16:53:59.0524 7956 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    16:53:59.0524 7956 vdrvroot - ok
    16:53:59.0618 7956 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
    16:53:59.0634 7956 vds - ok
    16:53:59.0665 7956 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    16:53:59.0665 7956 vga - ok
    16:53:59.0680 7956 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    16:53:59.0680 7956 VgaSave - ok
    16:53:59.0727 7956 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    16:53:59.0727 7956 vhdmp - ok
    16:53:59.0774 7956 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    16:53:59.0774 7956 viaagp - ok
    16:53:59.0805 7956 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    16:53:59.0805 7956 ViaC7 - ok
    16:53:59.0821 7956 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    16:53:59.0836 7956 viaide - ok
    16:53:59.0852 7956 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    16:53:59.0868 7956 vmbus - ok
    16:53:59.0868 7956 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    16:53:59.0868 7956 VMBusHID - ok
    16:53:59.0899 7956 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    16:53:59.0899 7956 volmgr - ok
    16:53:59.0930 7956 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    16:53:59.0946 7956 volmgrx - ok
    16:53:59.0977 7956 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    16:53:59.0977 7956 volsnap - ok
    16:54:00.0008 7956 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    16:54:00.0024 7956 vsmraid - ok
    16:54:00.0148 7956 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
    16:54:00.0164 7956 VSS - ok
    16:54:00.0180 7956 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    16:54:00.0195 7956 vwifibus - ok
    16:54:00.0242 7956 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
    16:54:00.0242 7956 W32Time - ok
    16:54:00.0273 7956 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    16:54:00.0289 7956 WacomPen - ok
    16:54:00.0336 7956 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    16:54:00.0336 7956 WANARP - ok
    16:54:00.0336 7956 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    16:54:00.0336 7956 Wanarpv6 - ok
    16:54:00.0507 7956 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
    16:54:00.0554 7956 WatAdminSvc - ok
    16:54:00.0866 7956 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
    16:54:00.0882 7956 wbengine - ok
    16:54:00.0928 7956 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
    16:54:00.0928 7956 WbioSrvc - ok
    16:54:01.0006 7956 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
    16:54:01.0006 7956 wcncsvc - ok
    16:54:01.0022 7956 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
    16:54:01.0022 7956 WcsPlugInService - ok
    16:54:01.0069 7956 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    16:54:01.0084 7956 Wd - ok
    16:54:01.0131 7956 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    16:54:01.0147 7956 Wdf01000 - ok
    16:54:01.0162 7956 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    16:54:01.0162 7956 WdiServiceHost - ok
    16:54:01.0178 7956 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    16:54:01.0178 7956 WdiSystemHost - ok
    16:54:01.0225 7956 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
    16:54:01.0240 7956 WebClient - ok
    16:54:01.0287 7956 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
    16:54:01.0287 7956 Wecsvc - ok
    16:54:01.0303 7956 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
    16:54:01.0318 7956 wercplsupport - ok
    16:54:01.0334 7956 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
    16:54:01.0350 7956 WerSvc - ok
    16:54:01.0381 7956 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    16:54:01.0381 7956 WfpLwf - ok
    16:54:01.0396 7956 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    16:54:01.0412 7956 WIMMount - ok
    16:54:01.0552 7956 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
    16:54:01.0599 7956 WinDefend - ok
    16:54:01.0615 7956 WinHttpAutoProxySvc - ok
    16:54:01.0662 7956 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
    16:54:01.0693 7956 Winmgmt - ok
    16:54:01.0849 7956 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
    16:54:01.0865 7956 WinRM - ok
    16:54:01.0927 7956 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
    16:54:01.0943 7956 WinUsb - ok
    16:54:02.0021 7956 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
    16:54:02.0052 7956 Wlansvc - ok
    16:54:02.0099 7956 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    16:54:02.0099 7956 WmiAcpi - ok
    16:54:02.0161 7956 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
    16:54:02.0223 7956 wmiApSrv - ok
    16:54:02.0395 7956 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
    16:54:02.0442 7956 WMPNetworkSvc - ok
    16:54:02.0598 7956 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
    16:54:02.0598 7956 WPCSvc - ok
    16:54:02.0645 7956 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
    16:54:02.0660 7956 WPDBusEnum - ok
    16:54:02.0754 7956 WPS (e8e745b8eee63c7cf7d34833d3b8ca7f) C:\Windows\system32\drivers\wpsdrvnt.sys
    16:54:02.0754 7956 WPS - ok
    16:54:02.0801 7956 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
    16:54:02.0801 7956 WpsHelper - ok
    16:54:02.0816 7956 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    16:54:02.0832 7956 ws2ifsl - ok
    16:54:02.0832 7956 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
    16:54:02.0847 7956 wscsvc - ok
    16:54:02.0847 7956 WSearch - ok
    16:54:03.0050 7956 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
    16:54:03.0081 7956 wuauserv - ok
    16:54:03.0253 7956 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    16:54:03.0253 7956 WudfPf - ok
    16:54:03.0284 7956 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:54:03.0315 7956 WUDFRd - ok
    16:54:03.0362 7956 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
    16:54:03.0362 7956 wudfsvc - ok
    16:54:03.0393 7956 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
    16:54:03.0409 7956 WwanSvc - ok
    16:54:03.0425 7956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    16:54:03.0456 7956 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    16:54:03.0456 7956 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    16:54:03.0487 7956 Boot (0x1200) (61210dc8c0e52e4aba3ecfe91b3edbc5) \Device\Harddisk0\DR0\Partition0
    16:54:03.0487 7956 \Device\Harddisk0\DR0\Partition0 - ok
    16:54:03.0503 7956 Boot (0x1200) (0a7dbc095e6616cdade9535dfc60f455) \Device\Harddisk0\DR0\Partition1
    16:54:03.0518 7956 \Device\Harddisk0\DR0\Partition1 - ok
    16:54:03.0549 7956 Boot (0x1200) (607d97e02b09d2b0c69208b91771626f) \Device\Harddisk0\DR0\Partition2
    16:54:03.0549 7956 \Device\Harddisk0\DR0\Partition2 - ok
    16:54:03.0549 7956 ============================================================
    16:54:03.0549 7956 Scan finished
    16:54:03.0549 7956 ============================================================
    16:54:03.0643 7568 Detected object count: 1
    16:54:03.0643 7568 Actual detected object count: 1
    16:54:26.0296 7568 \Device\Harddisk0\DR0\# - copied to quarantine
    16:54:26.0296 7568 \Device\Harddisk0\DR0 - copied to quarantine
    16:54:26.0358 7568 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    16:54:26.0374 7568 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    16:54:26.0374 7568 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    16:54:26.0405 7568 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    16:54:26.0420 7568 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    16:54:26.0436 7568 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    16:54:26.0436 7568 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    16:54:26.0436 7568 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    16:54:26.0452 7568 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    16:54:26.0452 7568 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    16:54:26.0467 7568 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    16:54:26.0467 7568 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    16:54:26.0498 7568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    16:54:26.0498 7568 \Device\Harddisk0\DR0 - ok
    16:54:27.0107 7568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    16:54:32.0177 6156 Deinitialize success
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Very good :)

    Please re-run TDSSKiller one more time.
     
  21. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    Nothing found, no log created.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  23. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    ComboFix 12-06-05.04 - drgewirtz 06/06/2012 8:33.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1846 [GMT -4:00]
    Running from: c:\users\drgewirtz\Desktop\antiviral\ComboFix.exe
    AV: Symantec Endpoint Protection *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Symantec Endpoint Protection *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\drgewirtz\g2ax_customer_downloadhelper_win32_x86.exe
    c:\users\drgewirtz\g2mdlhlpx.exe
    c:\users\drgewirtz\GoToAssistDownloadHelper.exe
    c:\users\Office\GoToAssistDownloadHelper.exe
    c:\windows\~GLC0000.TMP
    c:\windows\~GLH0000.TMP
    c:\windows\~GLH0001.TMP
    c:\windows\system32\zip32.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-06 12:42 . 2012-06-06 12:44 -------- d-----w- c:\users\drgewirtz\AppData\Local\temp
    2012-06-06 12:42 . 2012-06-06 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-06 12:42 . 2012-06-06 12:42 -------- d-----w- c:\users\administrator\AppData\Local\temp
    2012-06-05 20:54 . 2012-06-05 20:54 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-01 12:58 . 2012-06-01 12:58 -------- d-----w- c:\users\drgewirtz\AppData\Roaming\Malwarebytes
    2012-06-01 12:56 . 2012-06-01 12:56 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-01 12:56 . 2012-06-01 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-06-01 12:56 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-01 12:36 . 2012-06-01 12:36 -------- d-----w- c:\users\administrator\AppData\Roaming\ICAClient
    2012-06-01 12:36 . 2012-06-01 12:36 -------- d-----w- c:\users\administrator\AppData\Local\LogMeIn
    2012-06-01 12:36 . 2012-06-01 12:36 -------- d-----w- c:\users\administrator\AppData\Local\Intuit
    2012-06-01 12:36 . 2012-06-01 12:36 -------- d-----w- c:\users\administrator\AppData\Local\Citrix
    2012-06-01 12:36 . 2012-06-01 12:36 -------- d-----w- c:\users\administrator\AppData\Roaming\Apple Computer
    2012-05-21 15:45 . 2012-05-21 15:45 -------- d-----w- c:\users\drgewirtz\AppData\Local\HP
    2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2012-05-18 13:20 . 2012-05-18 13:20 -------- d-----w- c:\program files\QuickTime
    2012-05-12 02:39 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-05-12 02:39 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-12 02:39 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-05-12 02:39 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-05-12 02:39 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-05-12 02:39 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-12 02:39 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-12 02:39 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-05-12 02:38 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-05-12 02:38 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-22 12:57 . 2010-11-04 18:45 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-05-22 12:57 . 2010-11-04 18:45 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2012-05-22 12:57 . 2010-11-04 18:45 30592 ----a-w- c:\windows\system32\LMIport.dll
    2012-05-22 12:57 . 2010-11-04 18:45 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2012-05-05 13:23 . 2012-04-02 15:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-05 13:23 . 2011-05-16 13:00 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-05 13:23 . 2012-04-16 01:23 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-09-08 22:05 881808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-09-08 22:05 881808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-09-08 22:05 881808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\drgewirtz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\drgewirtz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\drgewirtz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\drgewirtz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-27 39408]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-08 10025576]
    "NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-10-30 115560]
    "HP Color LaserJet CM2320 MFP Series Fax"="c:\program files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe" [2009-09-23 2453504]
    "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-29 336384]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-04-09 316864]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-09-08 1016464]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    .
    c:\users\drgewirtz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\drgewirtz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-14 5961048]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-14 1175912]
    QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2009\QBW32.EXE [2012-3-14 1178984]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2010-11-02 02:39 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 136176]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2011-03-16 468368]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 136176]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-26 1343400]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 176128]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-29 284160]
    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
    S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
    S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2009-07-10 110592]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-05-22 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-05-31 12856]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
    S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
    S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
    S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2009-12-14 149904]
    S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-08 6652928]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-08 232960]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-02 102448]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 17551534
    *NewlyCreated* - 65713946
    *Deregistered* - 17551534
    *Deregistered* - 65713946
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:23]
    .
    2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 19:06]
    .
    2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 19:06]
    .
    2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3576482904-1308803037-2723772800-1000Core.job
    - c:\users\drgewirtz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 16:21]
    .
    2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3576482904-1308803037-2723772800-1000UA.job
    - c:\users\drgewirtz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 16:21]
    .
    2012-05-30 c:\windows\Tasks\HPCeeScheduleFordrgewirtz.job
    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    LSP: c:\progra~1\MICROS~2\ENDPOI~1\318FB7~1.0\WhlLSP.dll
    Trusted Zone: gatewayedi.com\mytools
    Trusted Zone: gewirtz-server
    Trusted Zone: infinittna.com\sn
    TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
    TCP: Interfaces\{42E0AB8B-0713-409B-8232-95614B27EFCB}: NameServer = 192.168.111.16,192.168.111.1
    Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    DPF: MIW Deployment - hxxps://pacs.ramicimaging.com/downloads/MIWDeploy.cab
    DPF: {786E2AA4-522B-4AE3-910C-1E8EB4D32239} - hxxps://sn.infinittna.com/SmartUpdate.Cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-Symantec Antvirus
    AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-06-06 08:55:51
    ComboFix-quarantined-files.txt 2012-06-06 12:55
    .
    Pre-Run: 78,777,520,128 bytes free
    Post-Run: 79,405,350,912 bytes free
    .
    - - End Of File - - 346F8C9E5C0A995EE64B75566C7FF094
     
  24. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    Wasn't sure if I can go back to using my computer yet. I went to open my electronic medical record and QuickBooks but they are blocked, so I need to know if I can restore and use them or what the next step is. Thank you.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    I need more details.

    Combofix log looks good.

    Is Norton still complaining?
     
