also @ TechSpot: OCZ Vertex 450 SSD Review

Fake Windows 2012 anti-virus removed? Having Internet/firewall issues

Discussion in 'Virus and Malware Removal' started by mlw038, Dec 22, 2011.

Page 3 of 4

  1. mlw038 Newcomer, in training Posts: 36

    Internet works again. Comodo informed me about mmsr.exe trying to run and I blocked it.

    Farbar Service Scanner
    Ran by Welch (administrator) on 21-01-2012 at 23:49:09
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    Attention! C:\Windows\system32\Drivers\afd.sys is missing.
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

    ComboFix 12-01-19.02 - Welch 01/21/2012 23:05:18.6.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.1324 [GMT -5:00]
    Running from: c:\users\Welch\Desktop\ComboFix.exe
    Command switches used :: c:\users\Welch\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys --> c:\windows\system32\Drivers\afd.sys
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-22 04:12 . 2012-01-22 04:12 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-01-22 04:12 . 2012-01-22 04:12 -------- d-----w- c:\users\EGTransServer\AppData\Local\temp
    2012-01-22 04:12 . 2012-01-22 04:12 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-01-22 04:12 . 2012-01-22 04:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-22 04:12 . 2012-01-22 04:12 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
    2012-01-22 04:05 . 2011-04-25 03:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-01-22 04:03 . 2012-01-22 04:03 -------- d-----w- c:\users\Welch\AppData\Local\Comodo
    2012-01-22 04:03 . 2012-01-22 04:03 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A743E67-23AE-4A60-89CC-F9B8F9F5B1B0}\MpKsl91683ffb.sys
    2012-01-21 18:42 . 2012-01-21 18:42 -------- d-----w- C:\_OTL
    2012-01-21 17:14 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A743E67-23AE-4A60-89CC-F9B8F9F5B1B0}\mpengine.dll
    2011-12-30 22:00 . 2011-12-30 22:00 -------- d-----w- c:\program files\Common Files\ffdshowEx
    2011-12-29 18:00 . 2012-01-22 04:12 -------- d-----w- c:\users\Welch\AppData\Local\temp
    2011-12-29 17:59 . 2010-11-20 08:38 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2011-12-29 17:42 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2011-12-27 03:49 . 2012-01-07 21:09 -------- d-----w- c:\programdata\CPA_VA
    2011-12-27 03:42 . 2011-12-27 03:45 -------- d-----w- c:\programdata\Comodo
    2011-12-27 03:42 . 2011-12-27 03:42 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2011-12-27 03:42 . 2011-12-27 03:42 -------- d-----w- c:\program files\COMODO
    2011-12-26 23:02 . 2011-11-21 07:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-23 02:32 . 2011-12-23 02:32 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1ABC2FD0-C57A-4D7B-B07A-2137ACC1186E}\gapaengine.dll
    2011-12-19 23:59 . 2011-12-19 23:59 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-12-19 23:59 . 2011-12-19 23:59 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-12-19 23:59 . 2011-12-19 23:59 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-12-19 23:59 . 2011-12-19 23:59 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-12-19 23:58 . 2011-12-19 23:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-12-19 23:58 . 2011-12-19 23:58 301224 ----a-w- c:\windows\system32\guard32.dll
    2011-12-05 17:56 . 2010-01-14 16:00 952 --sha-w- c:\programdata\KGyGaAvL.sys
    2011-11-24 04:25 . 2011-12-14 03:03 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-11-10 10:54 . 2010-06-28 21:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-08 12:27 . 2011-11-08 12:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-05 04:35 . 2011-12-14 03:03 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-11-05 04:26 . 2011-12-14 03:03 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 02:48 . 2011-12-14 03:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-26 04:47 . 2011-12-14 03:02 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-26 04:47 . 2011-12-14 03:02 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-26 04:28 . 2011-12-14 03:02 38912 ----a-w- c:\windows\system32\csrsrv.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2010-01-29 32768]
    "GoToMeeting"="c:\program files\Citrix\GoToMeeting\723\g2mstart.exe" [2011-07-14 39816]
    "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
    "ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
    "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe" [2011-11-08 243360]
    .
    c:\users\Welch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Welch\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\users\Welch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2009-12-18 40368]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2009-12-18 738776]
    Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-9 5889880]
    NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-3-29 4577760]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-9 1156968]
    QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2008\QBW32.EXE [2011-11-9 1178984]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2008-06-25 65536]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 2WXG7053;2W 802.11g XG705 SP3 Driver;c:\windows\system32\DRIVERS\WlanUIG.sys [2007-04-24 358304]
    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2007-03-27 857600]
    R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 135664]
    R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 135664]
    S1 aswSP;aswSP; [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-12-19 491816]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 39640]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
    S2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [2011-12-23 5423992]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2009-11-06 699896]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL91683FFB
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    NecUsbSevice REG_MULTI_SZ NecUsb
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 23:54]
    .
    2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 23:54]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local;<local>
    uInternet Settings,ProxyServer = http=127.0.0.1:53172
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {{90A81828-92DB-400e-AECD-78C540F5EB49} - c:\program files\eGrabber\AddressGrabber Business 2010\InternetAddress.exe
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{48C9BFA9-EF0D-4489-934E-C8C8E54983BD}: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{48C9BFA9-EF0D-4489-934E-C8C8E54983BD}\541676C656F4E656: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{C3AEE420-1FF5-42AC-A7A3-691E806C986A}: NameServer = 8.26.56.26,156.154.70.22
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.dfsc]
    "ImagePath"="\*"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-274280530-1200791623-3899067147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-274280530-1200791623-3899067147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(524)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'Explorer.exe'(2288)
    c:\windows\system32\guard32.dll
    c:\users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\program files\RingCentral\RingCentral Call Controller\RCHotKeyHook.dll
    .
    Completion time: 2012-01-21 23:15:12
    ComboFix-quarantined-files.txt 2012-01-22 04:15
    ComboFix2.txt 2012-01-21 16:48
    ComboFix3.txt 2012-01-07 21:14
    ComboFix4.txt 2012-01-07 01:03
    ComboFix5.txt 2012-01-22 04:04
    .
    Pre-Run: 233,432,154,112 bytes free
    Post-Run: 233,241,640,960 bytes free
    .
    - - End Of File - - 2B5BF2C1458E7660546E51AFA8562040
    mlw038, Jan 21, 2012
    #41

  2. Broni Malware Annihilator Posts: 39,379   +177

    Continue with other steps from my reply #38.
    Broni, Jan 22, 2012
    #42

  3. mlw038 Newcomer, in training Posts: 36

    Internet stopped working after I ran TFC and it reboot. I guess I need to redo post #25 again, but I'll wait until you give the go ahead. Here's SecurityCheck and FSS. I couldn't run ESET due to internet not working and was going to run it last.

    Results of screen317's Security Check version 0.99.24
    Windows 7 Service Pack 1 x86 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Enabled!
    ESET Online Scanner v3
    MuseScore 1.1 MuseScore score typesetter
    COMODO Internet Security
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 30
    Adobe Flash Player ( 10.1.53.64) Flash Player Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Windows Defender MSMpEng.exe
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    MediaMall MediaMallServer.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````

    Farbar Service Scanner
    Ran by Welch (administrator) on 22-01-2012 at 01:16:07
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    Attention! C:\Windows\system32\Drivers\afd.sys is missing.
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
    mlw038, Jan 22, 2012
    #43

  4. Broni Malware Annihilator Posts: 39,379   +177

    Uninstall Comodo.
    Now you should be able to turn Windows firewall on.

    Redo post #25 again.
    Broni, Jan 22, 2012
    #44

  5. mlw038 Newcomer, in training Posts: 36

    Internet works again. I'm able to turn my firewall back on again as well so I did that. Here's FSS. ESET didn't produce a report.

    Farbar Service Scanner
    Ran by Welch (administrator) on 23-01-2012 at 06:47:47
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    Attention! C:\Windows\system32\Drivers\afd.sys is missing.
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
    no report
    mlw038, Jan 23, 2012
    #45

  6. Broni Malware Annihilator Posts: 39,379   +177

    Good. Somehow I had a feeling it was Comodo removing that file on restart.

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ============================================================

    Your computer is clean [IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
    Broni, Jan 23, 2012
    #46
     

  7. mlw038 Newcomer, in training Posts: 36

    Internet isn't working again. Do you want me to do any of the other things in your post or...? I'll be home today through Monday to be able to do things and then I can't do things again til Friday for that computer.

    Farbar Service Scanner
    Ran by Welch (administrator) on 28-01-2012 at 15:44:43
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    afd Service is not running. Checking service configuration:
    The start type of afd service is OK.
    The ImagePath of afd service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    Attention! C:\Windows\system32\Drivers\afd.sys is missing.
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
    mlw038, Jan 28, 2012
    #47

  8. Broni Malware Annihilator Posts: 39,379   +177

    We have same file missing again.

    Redo post #25 again.
    Broni, Jan 28, 2012
    #48

  9. mlw038 Newcomer, in training Posts: 36

    Okay so I did a FSS scan before I did anything. I did the things in post 25 and then whenever I clicked on a program I received this error: "illegal operation attempted on a registry key that has been marked for deletion". I then restarted the computer and the internet worked. So I did an FSS scan to show you that it worked. I then restarted the computer again and the internet didn't work so I did another FSS scan. The internet said limited or low connectivity. Here are all the logs posted in order from what I did.

    Before I touched anthing FSS
    Farbar Service Scanner
    Ran by Welch (administrator) on 29-01-2012 at 22:00:58
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    afd Service is not running. Checking service configuration:
    The start type of afd service is OK.
    The ImagePath of afd service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    Attention! C:\Windows\system32\Drivers\afd.sys is missing.
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

    Combofix stuff done
    ComboFix 12-01-29.02 - Welch 01/29/2012 22:09:12.9.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.1437 [GMT -5:00]
    Running from: c:\users\Welch\Desktop\ComboFix.exe
    Command switches used :: c:\users\Welch\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys --> c:\windows\system32\Drivers\afd.sys
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-30 03:14 . 2012-01-30 03:14 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-01-30 03:14 . 2012-01-30 03:14 -------- d-----w- c:\users\EGTransServer\AppData\Local\temp
    2012-01-30 03:14 . 2012-01-30 03:14 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-01-30 03:14 . 2012-01-30 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-21 18:42 . 2012-01-21 18:42 -------- d-----w- C:\_OTL
    2012-01-21 16:30 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-21 16:30 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
    2012-01-21 16:30 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
    2012-01-21 16:30 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-06 04:19 . 2011-12-26 23:02 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-01-04 09:26 . 2010-01-14 17:21 236576 ------w- c:\windows\system32\MpSigStub.exe
    2011-12-27 03:42 . 2011-12-27 03:42 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2011-12-23 02:32 . 2011-12-23 02:32 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1ABC2FD0-C57A-4D7B-B07A-2137ACC1186E}\gapaengine.dll
    2011-12-05 17:56 . 2010-01-14 16:00 952 --sha-w- c:\programdata\KGyGaAvL.sys
    2011-11-24 04:25 . 2011-12-14 03:03 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-11-10 10:54 . 2010-06-28 21:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-08 12:27 . 2011-11-08 12:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-05 04:35 . 2011-12-14 03:03 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-11-05 04:26 . 2011-12-14 03:03 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 02:48 . 2011-12-14 03:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2010-01-29 32768]
    "GoToMeeting"="c:\program files\Citrix\GoToMeeting\723\g2mstart.exe" [2011-07-14 39816]
    "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
    "ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe" [2011-11-08 243360]
    .
    c:\users\Welch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Welch\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\users\Welch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2009-12-18 40368]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2009-12-18 738776]
    Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-9 5889880]
    NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-3-29 4577760]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-9 1156968]
    QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2008\QBW32.EXE [2011-11-9 1178984]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 SASDIFSV;SASDIFSV;c:\users\Welch\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
    R1 SASKUTIL;SASKUTIL;c:\users\Welch\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [x]
    R2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2008-06-25 65536]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    R2 NecUsb;USB Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-08-19 272864]
    R3 2WXG7053;2W 802.11g XG705 SP3 Driver;c:\windows\system32\DRIVERS\WlanUIG.sys [2007-04-24 358304]
    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2007-03-27 857600]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 SASENUM;SASENUM;c:\users\Welch\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1343400]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
    R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 135664]
    R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 135664]
    R4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728]
    S1 aswSP;aswSP; [x]
    S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
    S2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [2012-01-29 5154680]
    S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-04-30 3795560]
    S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2009-11-06 699896]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    NecUsbSevice REG_MULTI_SZ NecUsb
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 23:54]
    .
    2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 23:54]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local;<local>
    uInternet Settings,ProxyServer = http=127.0.0.1:53172
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {{90A81828-92DB-400e-AECD-78C540F5EB49} - c:\program files\eGrabber\AddressGrabber Business 2010\InternetAddress.exe
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{48C9BFA9-EF0D-4489-934E-C8C8E54983BD}: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{48C9BFA9-EF0D-4489-934E-C8C8E54983BD}\541676C656F4E656: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{C3AEE420-1FF5-42AC-A7A3-691E806C986A}: NameServer = 8.26.56.26,156.154.70.22
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.dfsc]
    "ImagePath"="\*"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-274280530-1200791623-3899067147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-274280530-1200791623-3899067147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3740)
    c:\users\Welch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\program files\RingCentral\RingCentral Call Controller\RCHotKeyHook.dll
    .
    Completion time: 2012-01-29 22:18:03
    ComboFix-quarantined-files.txt 2012-01-30 03:18
    ComboFix2.txt 2012-01-29 03:16
    ComboFix3.txt 2012-01-23 00:50
    ComboFix4.txt 2012-01-22 04:15
    ComboFix5.txt 2012-01-30 03:08
    .
    Pre-Run: 233,823,862,784 bytes free
    Post-Run: 233,770,041,344 bytes free
    .
    - - End Of File - - 3DB062A7B20E861B128FB4875F493F3E
    mlw038, Jan 29, 2012
    #49

  10. mlw038 Newcomer, in training Posts: 36

    FSS after reboot and seeing illegal operations on registry keys
    Farbar Service Scanner
    Ran by Welch (administrator) on 29-01-2012 at 22:30:20
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    Attention! C:\Windows\system32\Drivers\afd.sys is missing.
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

    FSS after another reboot and internet stopped working
    Farbar Service Scanner
    Ran by Welch (administrator) on 29-01-2012 at 22:33:07
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    afd Service is not running. Checking service configuration:
    The start type of afd service is OK.
    The ImagePath of afd service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    Attention! C:\Windows\system32\Drivers\afd.sys is missing.
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****Farbar Service Scanner
    Ran by Welch (administrator) on 29-01-2012 at 22:33:07
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    afd Service is not running. Checking service configuration:
    The start type of afd service is OK.
    The ImagePath of afd service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    Attention! C:\Windows\system32\Drivers\afd.sys is missing.
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
    mlw038, Jan 29, 2012
    #50

  11. mlw038 Newcomer, in training Posts: 36

    If there's anything else I can do to help isolate why the fix keeps getting deleted somehow please let me know. I hope me going through and posting all the FSS logs helped a little bit.
    mlw038, Jan 29, 2012
    #51

  12. Broni Malware Annihilator Posts: 39,379   +177

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ==============================================================

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
    Broni, Jan 29, 2012
    #52

  13. mlw038 Newcomer, in training Posts: 36

    Offtopic (I'll be at home in 5 hours to produce those logs to see what's going on),
    I have a laptop that's basically been having the same issues. Got the same virus and I took it to a PC tech shop and they fixed it. After a little while though, the internet stopped working and it won't even connect through an ethernet cable. Should I create a new topic and just label it "Can't connect to internet"? Should I also just do the same 5 step process?

    Thanks for all your help!
    mlw038, Jan 30, 2012
    #53

  14. Broni Malware Annihilator Posts: 39,379   +177

    Yes.
    Broni, Jan 30, 2012
    #54

  15. mlw038 Newcomer, in training Posts: 36

    Bootkit
    .\debug.cpp(238) : Debug log started at 30.01.2012 - 20:08:10
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 32-bit
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x82e55000 0x00412000 "\SystemRoot\system32\ntkrnlpa.exe"
    .\debug.cpp(256) : 0x82e1e000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
    .\debug.cpp(256) : 0x80bd4000 0x00008000 "\SystemRoot\system32\kdcom.dll"
    .\debug.cpp(256) : 0x8880a000 0x00085000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
    .\debug.cpp(256) : 0x8888f000 0x00011000 "\SystemRoot\system32\PSHED.dll"
    .\debug.cpp(256) : 0x888a0000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
    .\debug.cpp(256) : 0x888a8000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
    .\debug.cpp(256) : 0x888ea000 0x000ab000 "\SystemRoot\system32\CI.dll"
    .\debug.cpp(256) : 0x88a00000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
    .\debug.cpp(256) : 0x88a71000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
    .\debug.cpp(256) : 0x88a7f000 0x00048000 "\SystemRoot\system32\drivers\ACPI.sys"
    .\debug.cpp(256) : 0x88ac7000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
    .\debug.cpp(256) : 0x88ad0000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
    .\debug.cpp(256) : 0x88ad8000 0x0002a000 "\SystemRoot\system32\drivers\pci.sys"
    .\debug.cpp(256) : 0x88b02000 0x0000b000 "\SystemRoot\system32\drivers\vdrvroot.sys"
    .\debug.cpp(256) : 0x88b0d000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
    .\debug.cpp(256) : 0x88b1e000 0x00010000 "\SystemRoot\system32\drivers\volmgr.sys"
    .\debug.cpp(256) : 0x88b2e000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
    .\debug.cpp(256) : 0x88b79000 0x00007000 "\SystemRoot\system32\drivers\intelide.sys"
    .\debug.cpp(256) : 0x88b80000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
    .\debug.cpp(256) : 0x88b8e000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
    .\debug.cpp(256) : 0x88ba4000 0x0002a000 "\SystemRoot\system32\drivers\vmbus.sys"
    .\debug.cpp(256) : 0x88bce000 0x00012000 "\SystemRoot\system32\drivers\winhv.sys"
    .\debug.cpp(256) : 0x88be0000 0x00009000 "\SystemRoot\system32\drivers\atapi.sys"
    .\debug.cpp(256) : 0x88995000 0x00023000 "\SystemRoot\system32\drivers\ataport.SYS"
    .\debug.cpp(256) : 0x88be9000 0x0000a000 "\SystemRoot\system32\drivers\msahci.sys"
    .\debug.cpp(256) : 0x88bf3000 0x00009000 "\SystemRoot\system32\drivers\amdxata.sys"
    .\debug.cpp(256) : 0x889b8000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
    .\debug.cpp(256) : 0x889ec000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
    .\debug.cpp(256) : 0x88c00000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
    .\debug.cpp(256) : 0x88d2f000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
    .\debug.cpp(256) : 0x88d5a000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
    .\debug.cpp(256) : 0x88d6d000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
    .\debug.cpp(256) : 0x88dca000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
    .\debug.cpp(256) : 0x88dd8000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
    .\debug.cpp(256) : 0x88e2b000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
    .\debug.cpp(256) : 0x88ee2000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
    .\debug.cpp(256) : 0x88f20000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
    .\debug.cpp(256) : 0x89009000 0x0014a000 "\SystemRoot\System32\drivers\tcpip.sys"
    .\debug.cpp(256) : 0x89153000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
    .\debug.cpp(256) : 0x89184000 0x00009000 "\SystemRoot\system32\DRIVERS\scmndisp.sys"
    .\debug.cpp(256) : 0x8918d000 0x00009000 "\SystemRoot\system32\drivers\vmstorfl.sys"
    .\debug.cpp(256) : 0x89196000 0x0003f000 "\SystemRoot\system32\drivers\volsnap.sys"
    .\debug.cpp(256) : 0x891d5000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
    .\debug.cpp(256) : 0x88f45000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
    .\debug.cpp(256) : 0x891dd000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
    .\debug.cpp(256) : 0x891ed000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
    .\debug.cpp(256) : 0x88f72000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
    .\debug.cpp(256) : 0x88fa4000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
    .\debug.cpp(256) : 0x88fb5000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
    .\debug.cpp(256) : 0x8dc2b000 0x00027000 "\SystemRoot\system32\DRIVERS\MpFilter.sys"
    .\debug.cpp(256) : 0x8dc52000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
    .\debug.cpp(256) : 0x8dc59000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
    .\debug.cpp(256) : 0x8dc60000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
    .\debug.cpp(256) : 0x8dc6c000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
    .\debug.cpp(256) : 0x8dc8d000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
    .\debug.cpp(256) : 0x8dc9a000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
    .\debug.cpp(256) : 0x8dca2000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
    .\debug.cpp(256) : 0x8dcaa000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
    .\debug.cpp(256) : 0x8dcb2000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
    .\debug.cpp(256) : 0x8dcbd000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
    .\debug.cpp(256) : 0x8dccb000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
    .\debug.cpp(256) : 0x8dce2000 0x0000c000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
    .\debug.cpp(256) : 0x8dcee000 0x0000a000 "\SystemRoot\System32\Drivers\aswTdi.SYS"
    .\debug.cpp(256) : 0x8dcf8000 0x00005000 "\SystemRoot\System32\Drivers\aswRdr.SYS"
    .\debug.cpp(256) : 0x8dcfd000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
    .\debug.cpp(256) : 0x8dd2f000 0x00009000 "\SystemRoot\system32\drivers\ws2ifsl.sys"
    .\debug.cpp(256) : 0x8dd38000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
    .\debug.cpp(256) : 0x8dd3f000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
    .\debug.cpp(256) : 0x8dd5e000 0x00011000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
    .\debug.cpp(256) : 0x8dd6f000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
    .\debug.cpp(256) : 0x8dd7d000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys"
    .\debug.cpp(256) : 0x8dd97000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
    .\debug.cpp(256) : 0x8ddaa000 0x00011000 "\SystemRoot\system32\drivers\termdd.sys"
    .\debug.cpp(256) : 0x8ddbb000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
    .\debug.cpp(256) : 0x8dc00000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
    .\debug.cpp(256) : 0x8dc0a000 0x0000a000 "\SystemRoot\system32\drivers\mssmbios.sys"
    .\debug.cpp(256) : 0x8dc14000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
    .\debug.cpp(256) : 0x8de39000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
    .\debug.cpp(256) : 0x8de9d000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
    .\debug.cpp(256) : 0x8deab000 0x00027000 "\SystemRoot\System32\Drivers\aswSP.SYS"
    .\debug.cpp(256) : 0x8ded2000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
    .\debug.cpp(256) : 0x8def3000 0x00012000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
    .\debug.cpp(256) : 0x8f00b000 0x00a7e000 "\SystemRoot\system32\DRIVERS\nvlddmkm.sys"
    .\debug.cpp(256) : 0x8fa89000 0x00002000 "\SystemRoot\system32\DRIVERS\nvBridge.kmd"
    .\debug.cpp(256) : 0x8fa8b000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
    .\debug.cpp(256) : 0x8fb42000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
    .\debug.cpp(256) : 0x8fb7b000 0x0001f000 "\SystemRoot\system32\drivers\HDAudBus.sys"
    .\debug.cpp(256) : 0x8fb9a000 0x0003c000 "\SystemRoot\system32\DRIVERS\b57nd60x.sys"
    .\debug.cpp(256) : 0x8fbd6000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
    .\debug.cpp(256) : 0x8df05000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
    .\debug.cpp(256) : 0x8fbe1000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
    .\debug.cpp(256) : 0x8df50000 0x00018000 "\SystemRoot\system32\drivers\i8042prt.sys"
    .\debug.cpp(256) : 0x8fbf0000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
    .\debug.cpp(256) : 0x8df68000 0x00018000 "\SystemRoot\system32\DRIVERS\parport.sys"
    .\debug.cpp(256) : 0x8f000000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys"
    .\debug.cpp(256) : 0x8df80000 0x0000d000 "\SystemRoot\system32\drivers\CompositeBus.sys"
    .\debug.cpp(256) : 0x8df8d000 0x00009000 "\SystemRoot\system32\drivers\povrtdev.sys"
    .\debug.cpp(256) : 0x8df96000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
    .\debug.cpp(256) : 0x8dfc5000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
    .\debug.cpp(256) : 0x8de00000 0x00034000 "\SystemRoot\system32\drivers\ks.sys"
    .\debug.cpp(256) : 0x8dfde000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
    .\debug.cpp(256) : 0x88e11000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
    .\debug.cpp(256) : 0x8dff0000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
    .\debug.cpp(256) : 0x8e834000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
    .\debug.cpp(256) : 0x8e856000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
    .\debug.cpp(256) : 0x8e86e000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
    .\debug.cpp(256) : 0x8e885000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
    .\debug.cpp(256) : 0x8e89c000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
    .\debug.cpp(256) : 0x8e8a6000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
    .\debug.cpp(256) : 0x8e8b3000 0x00002000 "\SystemRoot\system32\drivers\swenum.sys"
    .\debug.cpp(256) : 0x8e8b5000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
    .\debug.cpp(256) : 0x8e8c3000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
    .\debug.cpp(256) : 0x8e907000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
    .\debug.cpp(256) : 0x8e918000 0x00050000 "\SystemRoot\system32\drivers\HdAudio.sys"
    .\debug.cpp(256) : 0x8e968000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
    .\debug.cpp(256) : 0x8e975000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
    .\debug.cpp(256) : 0x8e980000 0x0000a000 "\SystemRoot\System32\Drivers\dump_msahci.sys"
    .\debug.cpp(256) : 0x8e98a000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
    .\debug.cpp(256) : 0x95a50000 0x00250000 "\SystemRoot\System32\win32k.sys"
    .\debug.cpp(256) : 0x8e99b000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
    .\debug.cpp(256) : 0x8e9a5000 0x0000b000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
    .\debug.cpp(256) : 0x8e9b0000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
    .\debug.cpp(256) : 0x8e9c3000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
    .\debug.cpp(256) : 0x8e9ca000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
    .\debug.cpp(256) : 0x8e9cc000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
    .\debug.cpp(256) : 0x82228000 0x000ae000 "\SystemRoot\system32\DRIVERS\bcmwlhigh6.sys"
    .\debug.cpp(256) : 0x822d6000 0x0000a000 "\SystemRoot\system32\DRIVERS\vwifibus.sys"
    .\debug.cpp(256) : 0x822e0000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
    .\debug.cpp(256) : 0x95cb0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
    .\debug.cpp(256) : 0x95ce0000 0x0001e000 "\SystemRoot\System32\cdd.dll"
    .\debug.cpp(256) : 0x822eb000 0x00017000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
    .\debug.cpp(256) : 0x82302000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
    .\debug.cpp(256) : 0x8231d000 0x00017000 "\??\C:\Windows\system32\drivers\aswMonFlt.sys"
    .\debug.cpp(256) : 0x82334000 0x00003000 "\SystemRoot\System32\Drivers\aswFsBlk.SYS"
    .\debug.cpp(256) : 0x82337000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
    .\debug.cpp(256) : 0x82351000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
    .\debug.cpp(256) : 0x82361000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
    .\debug.cpp(256) : 0x823a7000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
    .\debug.cpp(256) : 0x823b7000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
    .\debug.cpp(256) : 0x823ca000 0x0002a000 "\SystemRoot\System32\Drivers\fastfat.SYS"
    .\debug.cpp(256) : 0x823f4000 0x00009000 "\SystemRoot\system32\DRIVERS\vwifimp.sys"
    .\debug.cpp(256) : 0x82200000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
    .\debug.cpp(256) : 0x8e9d7000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
    .\debug.cpp(256) : 0x82219000 0x00007000 "\SystemRoot\system32\DRIVERS\parvdm.sys"
    .\debug.cpp(256) : 0x9f609000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
    .\debug.cpp(256) : 0x9f6a0000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
    .\debug.cpp(256) : 0x9f6cb000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
    .\debug.cpp(256) : 0x9f75d000 0x0000f000 "\SystemRoot\system32\DRIVERS\NisDrvWFP.sys"
    .\debug.cpp(256) : 0x9f76c000 0x00021000 "\SystemRoot\system32\DRIVERS\WUDFRd.sys"
    .\debug.cpp(256) : 0x9f7f7000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
    .\debug.cpp(256) : 0x77b00000 0x0013c000 "\Windows\System32\ntdll.dll"
    .\debug.cpp(256) : 0x47830000 0x00013000 "\Windows\System32\smss.exe"
    .\debug.cpp(256) : 0x77d40000 0x00050000 "\Windows\System32\apisetschema.dll"
    .\debug.cpp(256) : 0x00030000 0x000a6000 "\Windows\System32\autochk.exe"
    .\debug.cpp(256) : 0x77a00000 0x000f5000 "\Windows\System32\wininet.dll"
    .\debug.cpp(256) : 0x77c80000 0x000ac000 "\Windows\System32\msvcrt.dll"
    .\debug.cpp(256) : 0x77c70000 0x00005000 "\Windows\System32\psapi.dll"
    .\debug.cpp(256) : 0x77c50000 0x0001f000 "\Windows\System32\imm32.dll"
    .\debug.cpp(256) : 0x77800000 0x001fe000 "\Windows\System32\iertutil.dll"
    .\debug.cpp(256) : 0x77730000 0x000c9000 "\Windows\System32\user32.dll"
    .\debug.cpp(256) : 0x77690000 0x0009d000 "\Windows\System32\usp10.dll"
    .\debug.cpp(256) : 0x77600000 0x0008f000 "\Windows\System32\oleaut32.dll"
    .\debug.cpp(256) : 0x77520000 0x000d4000 "\Windows\System32\kernel32.dll"
    .\debug.cpp(256) : 0x77470000 0x000a1000 "\Windows\System32\rpcrt4.dll"
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-df32927e-4af2-11e1-b7ea-e091f543c709"
    .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-df32927e-4af2-11e1-b7ea-e091f543c709"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
    .\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NisDrv"
    .\debug.cpp(400) : Destination "\Device\NisDrv"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{52414035-6C08-4B48-B667-215158A3B52B}"
    .\debug.cpp(400) : Destination "\Device\NDMP1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
    .\debug.cpp(400) : Destination "\Device\Ndis"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
    .\debug.cpp(400) : Destination "\Device\Video0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{66326a44-d57a-11de-881c-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801DE&REV_1022#4&7addd11&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
    .\debug.cpp(400) : Destination "\Device\00000069"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000046"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000043"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_TEAC&PROD_USB___HS-XD#SM&REV_4.00#000003093FED&1##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
    .\debug.cpp(400) : Destination "\Device\0000007a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
    .\debug.cpp(400) : Destination "\Device\AgileVPN"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
    .\debug.cpp(400) : Destination "\Device\0000004c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#4&e5acee3&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
    .\debug.cpp(400) : Destination "\Device\00000061"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWSP"
    .\debug.cpp(400) : Destination "\Device\aswSP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
    .\debug.cpp(400) : Destination "\Device\Video1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_TEAC&Prod_USB___HS-CF_Card&Rev_4.00#000003093FED&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\0000006e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Corsair&Prod_Voyager&Rev_0.00#100000039EEA6A&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_TEAC&PROD_USB___HS-MS_CARD&REV_4.00#000003093FED&2##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
    .\debug.cpp(400) : Destination "\Device\00000078"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-df329276-4af2-11e1-b7ea-e091f543c709"
    .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-df329276-4af2-11e1-b7ea-e091f543c709"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0846&PID_9011#0#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_01DE1028&REV_01#3&172e68dd&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Pot2"
    .\debug.cpp(400) : Destination "\Device\aswSP_Pot2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
    .\debug.cpp(400) : Destination "\Device\Video2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_CORSAIR&PROD_VOYAGER&REV_0.00#100000039EEA6A&0##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
    .\debug.cpp(400) : Destination "\Device\0000007d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000044"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-043a4903-39fe-4181-ad48-c1567fbdca98"
    .\debug.cpp(400) : Destination "\Device\HostProcess-043a4903-39fe-4181-ad48-c1567fbdca98"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
    .\debug.cpp(400) : Destination "\Device\Video3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
    .\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
    .\debug.cpp(400) : Destination "\Device\ProcessManagement"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_014D&SUBSYS_034910DE&REV_A2#4&35682461&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
    .\debug.cpp(400) : Destination "\Device\Video4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&18cf7328&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
    .\debug.cpp(400) : Destination "\Device\Parallel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CB&SUBSYS_01DE1028&REV_01#3&172e68dd&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
    .\debug.cpp(400) : Destination "\Device\VolMgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{48C9BFA9-EF0D-4489-934E-C8C8E54983BD}"
    .\debug.cpp(400) : Destination "\Device\NDMP13"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
    .\debug.cpp(400) : Destination "\Device\ParallelVdm0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
    .\debug.cpp(400) : Destination "\Device\Video5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000004c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C00E#5&3057dbd6&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&38963437&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
    .\debug.cpp(400) : Destination "\Device\SPDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000041"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
    .\debug.cpp(400) : Destination "\Device\Serial0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
    .\debug.cpp(400) : Destination "\Device\TeredoTun"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-df329272-4af2-11e1-b7ea-e091f543c709"
    .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-df329272-4af2-11e1-b7ea-e091f543c709"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
    .\debug.cpp(400) : Destination "\Device\PEAuth"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0846&PID_9011#0#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801DE&REV_1022#4&7addd11&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
    .\debug.cpp(400) : Destination "\Device\00000069"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1873de43&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
    .\debug.cpp(400) : Destination "\Device\NamedPipe"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_CORSAIR&PROD_VOYAGER&REV_0.00#100000039EEA6A&0##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
    .\debug.cpp(400) : Destination "\Device\0000007d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-df32926d-4af2-11e1-b7ea-e091f543c709"
    .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-df32926d-4af2-11e1-b7ea-e091f543c709"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_1B1C&PID_1AB1#100000039EEA6A#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-df32927a-4af2-11e1-b7ea-e091f543c709"
    .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-df32927a-4af2-11e1-b7ea-e091f543c709"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B7E51276-14B4-4353-9B0A-30BABE1D75E3}"
    .\debug.cpp(400) : Destination "\Device\NDMP2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt"
    .\debug.cpp(400) : Destination "\Device\vwififlt"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
    .\debug.cpp(400) : Destination "\Device\Mup"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E2F8A220-AF88-446C-9A55-453E58DD3A33}"
    .\debug.cpp(400) : Destination "\Device\NDMP15"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_TEAC&Prod_USB___HS-xD#SM&Rev_4.00#000003093FED&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801DE&REV_1022#4&7addd11&0&0001#{a17579f0-4fec-4936-9364-249460863be5}"
    .\debug.cpp(400) : Destination "\Device\00000069"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000004c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
    .\debug.cpp(400) : Destination "\Device\Psched"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy9"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{66326a40-d57a-11de-881c-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
    .\debug.cpp(400) : Destination "\Device\NDMP11"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
    .\debug.cpp(400) : Destination "\Device\USBFDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000003f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWTDI"
    .\debug.cpp(400) : Destination "\Device\ASWTDI"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
    .\debug.cpp(400) : Destination "\Device\Tcp"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-acb0af79-b34d-4542-a19d-d07f7ab3dd5e"
    .\debug.cpp(400) : Destination "\Device\HostProcess-acb0af79-b34d-4542-a19d-d07f7ab3dd5e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
    .\debug.cpp(400) : Destination "\Device\USBFDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_167A&SUBSYS_01DE1028&REV_02#4&24ac2e11&0&00E5#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&302bf1c2&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
    .\debug.cpp(400) : Destination "\Device\0000004e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
    .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000004c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000004c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
    .\debug.cpp(400) : Destination "\Device\USBFDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
    .\debug.cpp(400) : Destination "\DosDevices\LPT1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000058"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_TEAC&Prod_USB___HS-MS_Card&Rev_4.00#000003093FED&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
    .\debug.cpp(400) : Destination "\Device\IPSECDOSP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
    .\debug.cpp(400) : Destination "\Device\Harddisk1\DR1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801DE&REV_1022#4&7addd11&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
    .\debug.cpp(400) : Destination "\Device\00000069"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&37e6df2&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000004c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
    .\debug.cpp(400) : Destination "\Device\USBFDO-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NvAdminDevice"
    .\debug.cpp(400) : Destination "\Device\NvAdminDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
    .\debug.cpp(400) : Destination "\Device\FsWrap"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\0000004d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_TEAC&Prod_USB___HS-xD#SM&Rev_4.00#000003093FED&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\0000006f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&WpdBusEnumRoot#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\00000075"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"
    .\debug.cpp(400) : Destination "\Device\Harddisk2\DR2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000047"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
    .\debug.cpp(400) : Destination "\Device\USBFDO-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCMNDISP"
    .\debug.cpp(400) : Destination "\Device\SCMNDISP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&302bf1c2&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\0000004f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000003f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_014D&SUBSYS_034910DE&REV_A2#4&35682461&0&0008#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
    .\debug.cpp(400) : Destination "\GLOBAL??"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume4"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive3"
    .\debug.cpp(400) : Destination "\Device\Harddisk3\DR3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000043"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&302bf1c2&0&3#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\I:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0846&PID_9011#0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000048"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_TEAC&PROD_USB___HS-CF_CARD&REV_4.00#000003093FED&0##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
    .\debug.cpp(400) : Destination "\Device\00000077"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
    .\debug.cpp(400) : Destination "\clfs"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume5"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive4"
    .\debug.cpp(400) : Destination "\Device\Harddisk4\DR4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&e5acee3&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000060"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
    .\debug.cpp(400) : Destination "\Device\00000062"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive5"
    .\debug.cpp(400) : Destination "\Device\Harddisk5\DR6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_TEAC&PROD_USB___HS-XD#SM&REV_4.00#000003093FED&1##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
    .\debug.cpp(400) : Destination "\Device\0000007a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
    .\debug.cpp(400) : Destination "\Device\Secdrv"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume6"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy10"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy10"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{66326a59-d57a-11de-881c-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy11"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy11"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_TEAC&PROD_USB___HS-SD_CARD&REV_4.00#000003093FED&3##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
    .\debug.cpp(400) : Destination "\Device\00000079"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0846&PID_9011#0#{435b6226-1dcc-43b3-887e-217dbaa27ba3}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk3Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801DE&REV_1022#4&7addd11&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000069"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15_-_Intel(R)_Core(TM)2_CPU__________6600__@_2.40GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    mlw038, Jan 30, 2012
    #55

  16. mlw038 Newcomer, in training Posts: 36

    .\debug.cpp(400) : Destination "\Device\00000052"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy12"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy12"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume8"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp#6&1c9b64fd&0&01#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000074"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{66326a43-d57a-11de-881c-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B9F9D7BB-4EC1-4672-A04A-6E08188BD6CE}"
    .\debug.cpp(400) : Destination "\Device\NDMP14"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}"
    .\debug.cpp(400) : Destination "\Device\NDMP12"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
    .\debug.cpp(400) : Destination "\Device\nativewifip"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp#6&1c9b64fd&0&01#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000074"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#HWP264E#5&bcb3755&0&UID1048832#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
    .\debug.cpp(400) : Destination "\Device\0000006c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15_-_Intel(R)_Core(TM)2_CPU__________6600__@_2.40GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\00000053"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000046"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
    .\debug.cpp(400) : Destination "\Device\00000062"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy13"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy13"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&e5acee3&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000060"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000048"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy14"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy14"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
    .\debug.cpp(400) : Destination "\Device\MountPointManager"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5a67e613-262c-11e1-ae33-001aa003190b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000042"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000003f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000044"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy15"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy15"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C3AEE420-1FF5-42AC-A7A3-691E806C986A}"
    .\debug.cpp(400) : Destination "\Device\NDMP4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
    .\debug.cpp(400) : Destination "\Device\WANARP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy16"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy16"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
    .\debug.cpp(400) : Destination "\Device\PartmgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
    .\debug.cpp(400) : Destination "\Device\Nsi"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
    .\debug.cpp(400) : Destination "\Device\NDMP6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
    .\debug.cpp(400) : Destination "\Device\NXTIPSEC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswMonFltProxy"
    .\debug.cpp(400) : Destination "\Device\aswMonFltProxy"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk1Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{dda54a40-1e4c-11d1-a050-405705c10000}"
    .\debug.cpp(400) : Destination "\Device\0000003f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_01DE1028&REV_01#3&172e68dd&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USNTracker"
    .\debug.cpp(400) : Destination "\Device\USNTracker"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy17"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy17"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000042"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Corsair&Prod_Voyager&Rev_0.00#100000039EEA6A&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\0000007c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000004c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
    .\debug.cpp(400) : Destination "\Device\WFP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
    .\debug.cpp(400) : Destination "\Device\WwanProt"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
    .\debug.cpp(400) : Destination "\Device\NDMP8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy18"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy18"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&43794&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
    .\debug.cpp(400) : Destination "\Device\ASYNCMAC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
    .\debug.cpp(400) : Destination "\Device\WANARPV6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000051"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_167A&SUBSYS_01DE1028&REV_02#4&24ac2e11&0&00E5#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-ab385f38-a761-49a0-9cb9-aeb25a7f62cb"
    .\debug.cpp(400) : Destination "\Device\HostProcess-ab385f38-a761-49a0-9cb9-aeb25a7f62cb"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000047"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_TEAC&PROD_USB___HS-MS_CARD&REV_4.00#000003093FED&2##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
    .\debug.cpp(400) : Destination "\Device\00000078"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_TEAC&PROD_USB___HS-CF_CARD&REV_4.00#000003093FED&0##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
    .\debug.cpp(400) : Destination "\Device\00000077"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk4Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000004c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000041"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{66326a58-d57a-11de-881c-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_TEAC&Prod_USB___HS-SD_Card&Rev_4.00#000003093FED&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-10a0b9df-6a89-498c-9952-c8b6ce82f29c"
    .\debug.cpp(400) : Destination "\Device\HostProcess-10a0b9df-6a89-498c-9952-c8b6ce82f29c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
    .\debug.cpp(400) : Destination "\Device\NdisWan"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
    .\debug.cpp(400) : Destination "\Device\AscKmd"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C00E#6&25a6af18&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000006b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0644&PID_0200#000003093FED#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
    .\debug.cpp(400) : Destination "\Device\NDMP7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
    .\debug.cpp(400) : Destination "\Device\Parallel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_01DE1028&REV_01#3&172e68dd&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
    .\debug.cpp(400) : Destination "\Device\MPS"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD3200KS-75PFB0_____________________21.00M21#5&adb9a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_TEAC&Prod_USB___HS-SD_Card&Rev_4.00#000003093FED&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000071"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_TEAC&Prod_USB___HS-MS_Card&Rev_4.00#000003093FED&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000070"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2acddb0c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&11f0da81&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
    .\debug.cpp(400) : Destination "\Device\VolMgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
    .\debug.cpp(400) : Destination "\Device\MailSlot"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk5Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
    .\debug.cpp(400) : Destination "\Device\NDMP10"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk2Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
    .\debug.cpp(400) : Destination "\Device\NDMP9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
    .\debug.cpp(400) : Destination "\DosDevices\COM1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Avar"
    .\debug.cpp(400) : Destination "\Device\aswSP_Avar"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR"
    .\debug.cpp(400) : Destination "\Device\ASWRDR"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination ""
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-df329286-4af2-11e1-b7ea-e091f543c709"
    .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-df329286-4af2-11e1-b7ea-e091f543c709"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C00E#6&25a6af18&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000006b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{66326a57-d57a-11de-881c-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
    .\debug.cpp(400) : Destination "\Device\SstpDrv"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
    .\debug.cpp(400) : Destination "\Device\Ndisuio"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
    .\debug.cpp(400) : Destination "\Device\Null"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&302bf1c2&0&2#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
    .\debug.cpp(400) : Destination "\Device\0000004e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_TEAC&PROD_USB___HS-SD_CARD&REV_4.00#000003093FED&3##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
    .\debug.cpp(400) : Destination "\Device\00000079"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{43E510FB-F1C0-4CBE-AAA4-985FB0EBEE5F}"
    .\debug.cpp(400) : Destination "\Device\NDMP3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
    .\debug.cpp(400) : Destination "\Device\WfpAle"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000004a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_01DE1028&REV_01#3&172e68dd&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801DE&REV_1022#4&7addd11&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000069"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{66326a56-d57a-11de-881c-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{66326a40-d57a-11de-881c-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_TEAC&Prod_USB___HS-CF_Card&Rev_4.00#000003093FED&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AF997A44-E885-4965-A9C6-A20FAAF2D5A9}"
    .\debug.cpp(400) : Destination "\Device\NDMP5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#HWP264E#5&bcb3755&0&UID1048832#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
    .\debug.cpp(400) : Destination "\Device\0000006c"
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1152) : Done;

    ListPart
    ListParts by Farbar
    Ran by Welch on 30-01-2012 at 15:08:54
    Windows 7 (X86)
    Running From: I:\mom1-28\fixtodo1-30
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 28%
    Total physical RAM: 2045.66 MB
    Available physical RAM: 1465.19 MB
    Total Pagefile: 4091.31 MB
    Available Pagefile: 3230.9 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1961.95 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:297.99 GB) (Free:217.79 GB) NTFS
    6 Drive i: (CORSAIR) (Removable) (Total:15.12 GB) (Free:12.89 GB) FAT32

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 Online 15 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 297 GB 101 MB

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 297 GB Healthy Boot

    Partitions of Disk 5:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 15 GB 1024 KB

    Disk: 5
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 I CORSAIR FAT32 Removable 15 GB Healthy



    ****** End Of Log ******
    mlw038, Jan 30, 2012
    #56

  17. Broni Malware Annihilator Posts: 39,379   +177

    There is nothing malicious there.

    Can you check MSE vault for that missing file?
    Broni, Jan 30, 2012
    #57

  18. mlw038 Newcomer, in training Posts: 36

    1/10/12
    Virus:Win32/Sirefef.N
    Action Taken: Quarantined

    Security Essentials encountered the following error: Error code 0x8007001e. The system cannot read from the specified device.

    Category: Virus

    Description: This program is dangerous and replicates by infecting other files.

    Recommended action: Remove this software immediately.

    Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

    Items:
    file:C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys

    1/28/12
    Virus:Win32/Sirefef.N
    Action Taken: Disinfected
    Security Essentials encountered the following error: Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator.

    Category: Virus

    Description: This program is dangerous and replicates by infecting other files.

    Recommended action: Remove this software immediately.

    Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

    Items:
    file:C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys


    1/30/12
    Virus:Win32/Sirefef.N
    Action Taken: Disinfected
    Security Essentials encountered the following error: Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator.

    Category: Virus

    Description: This program is dangerous and replicates by infecting other files.

    Recommended action: Remove this software immediately.

    Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

    Items:
    file:C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys

    Get more information about this item online.
    mlw038, Jan 30, 2012
    #58

  19. Broni Malware Annihilator Posts: 39,379   +177

    Please run Farbar Service Scanner FSS).
    Type the following in the edit box after "Search:".

    afd.sys

    Click Search Files button and post the log (FSS.txt) it makes to your reply.
    Broni, Jan 30, 2012
    #59

  20. mlw038 Newcomer, in training Posts: 36

    When I ran the search MSE said there was a potential threat. What should I do for the recommended action? Disinfect/Quarantine or...? I won't do anything til you let me know what to do.

    Category: Virus

    Description: This program is dangerous and replicates by infecting other files.

    Recommended action: Remove this software immediately.

    Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

    Items:
    file:C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys


    Farbar Service Scanner
    Ran by Welch (administrator) on 30-01-2012 at 19:55:55
    Windows 7 Professional Service Pack 1 (X86)

    ************************************************
    ================== Search: "afd.sys" ===================

    C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
    [2011-06-15 13:19] - [2011-04-24 22:24] - 0338944 ____A (Microsoft Corporation) C427F91A748CD342A2B3F9278D9FD6A5

    C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
    [2011-06-15 13:19] - [2011-04-24 21:18] - 0338944 ____N () D41D8CD98F00B204E9800998ECF8427E

    C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
    [2011-05-25 16:56] - [2010-11-20 03:40] - 0338944 ____A (Microsoft Corporation) 1151FD4FB0216CFED887BFDE29EBD516

    C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
    [2011-06-15 13:19] - [2011-04-24 21:27] - 0338944 ____A (Microsoft Corporation) C114AB7A1550D42EA1700FFD4179CF5A

    C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
    [2011-06-15 13:19] - [2011-04-24 21:35] - 0338944 ____A (Microsoft Corporation) 0DB7A48388D54D154EBEC120461A0FCD

    C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
    [2009-07-13 18:12] - [2009-07-13 18:12] - 0338944 ____A (Microsoft Corporation) DDC040FDB01EF1712A6B13E52AFB104C

    ====== End Of Search ======
    mlw038, Jan 30, 2012
    #60
Page 3 of 4
Topic Status:
Not open for further replies.

Add New Comment

Social Login & Guest Posting

TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.