[Resolved] Need help please

mjjamj · Nov 15, 2010

Need some help with some virus/malware issues. Was having a bunch of problems starting with getting BSOD on boot. Was able to get into Safe mode okay. Scanning revealed a slew of virus and crap that I was able to clean off. I eventually was able to boot into windows XP. I have the URL redirect problem along with IE just hanging. I could not even submit this post from IE or Firefox. when I clicked submit it gave me an error.
I have followed 8-step guide and have posted the logs below. Any help is greatly appreciated.

Step 1 - AV Scan revealed TR/Trash.gen. I had this cleaned before but it seems to have come back

Step - 2 - TFC - Ran with no problems.

Step - 3 - Malwarebytes - Ran clean

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5121

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/15/2010 1:18:21 PM
mbam-log-2010-11-15 (13-18-21).txt

Scan type: Quick scan
Objects scanned: 154508
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Step - 4 - GMER - Had to run from Safe mode. Found a possible problem

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-15 13:31:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort3 ST3160023A rev.8.01
Running: tgu6pet6.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\kwldrpoc.sys

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 312581552 (+255): rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8B5B4292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8B5B4292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8B5B4292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8B5B4292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-5 8B5B4292
Device \Device\Ide\IdeDeviceP3T0L0-10 -> \??\IDE#DiskST3160023A______________________________8.01____#4a34315345574e30202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

Step 5 - DDS

DDS.txt

DDS (Ver_10-11-10.01) - NTFSx86
Run by Mike at 13:43:05.35 on Mon 11/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2609 [GMT -6:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\chr vpn client\cvpnd.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mike\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; eMusic DLM/3; eMusic DLM/4; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.nickjr.com/playtime/shows/blue/games/blue_sortclothes.jhtml"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\chrobi~1.lnk - c:\program files\chr vpn client\ipsecdialer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: chase.com\mfasa
Trusted Zone: yahoo.com\football.fantasysports
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181699082917
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181699259026
DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vpn.chrobinson.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.chrobinson.com/dana-cached/sc/JuniperSetupClient.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mike\applic~1\mozilla\firefox\profiles\q50u967x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VI2TDF&PC=VI2TDF&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VI2TDF&PC=VI2TDF&q=
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-15 64288]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2010-11-15 3968]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-1 11608]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-3-15 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2009-3-16 8192]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-1 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-1 185089]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\astra32\astra32.sys [2007-2-22 30864]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-1 56816]
R2 CVPNDRV;C.H. Robinson, Inc. IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2009-3-17 267335]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-5-1 233472]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1375992]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-7-21 10384]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-1 36608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AtiDCM;AtiDCM;\??\c:\documents and settings\mike\local settings\temp\atidcmxx.sys --> c:\documents and settings\mike\local settings\temp\atidcmxx.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp --> c:\windows\system32\4.tmp [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\RpcAgentSrv.exe [2009-3-19 98488]
S3 SLACKERDRV;Slacker Portable USB Driver;c:\windows\system32\drivers\SlackerUSB.sys [2008-3-3 20480]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-3-17 145800]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\turbine\turbine download manager\TurbineMessageService.exe [2009-9-17 267760]
S4 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2009-9-17 218608]

=============== Created Last 30 ================

2010-11-15 15:34:47 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-15 15:26:40 -------- d-----w- c:\docume~1\mike\locals~1\applic~1\Sunbelt Software
2010-11-15 15:26:02 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-15 14:40:26 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-11-15 14:24:56 -------- d-----w- c:\program files\Sophos
2010-11-15 04:03:38 54016 ----a-w- c:\windows\system32\drivers\tkbp.sys
2010-11-14 23:32:25 54016 ----a-w- c:\windows\system32\drivers\ygbhuw.sys
2010-11-13 16:52:12 -------- d-----w- c:\docume~1\mike\applic~1\Windows Search
2010-11-13 15:42:54 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-11-13 15:42:54 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-01 18:34:00 153600 ----a-w- c:\windows\system32\WS_ContextMenu.dll
2010-11-01 18:33:54 892928 ----a-w- c:\windows\system32\iconv.dll
2010-11-01 18:33:54 675840 ----a-w- c:\windows\system32\ac3filter.ax
2010-11-01 18:33:54 496640 ----a-w- c:\windows\system32\xvid.ax
2010-11-01 18:33:51 -------- d-----w- c:\program files\Wondershare

==================== Find3M ====================

2010-11-13 20:55:33 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ------w- c:\windows\system32\comctl32.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160023A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdePort3 P3T0L0-10

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B7B2446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8b7b8504]; MOV EAX, [0x8b7b8580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B75DAB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000085[0x8B81C450]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B7C1030]
\Driver\atapi[0x8B7E0270] -> IRP_MJ_CREATE -> 0x8B7B2446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP3T0L0-10 -> \??\IDE#DiskST3160023A______________________________8.01____#4a34315345574e30202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8B7B2292
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 13:44:59.37 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/15/2009 2:59:14 PM
System Uptime: 11/15/2010 1:38:52 PM (0 hours ago)

Motherboard: BIOSTAR Group | | TA790GX 128M
Processor: AMD Phenom(tm) II X3 710 Processor | CPU 1 | 2600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 128 GiB total, 42.869 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 175.834 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_37001565&REV_00\3&267A616A&0&92
Manufacturer:
Name:
PNP Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_37001565&REV_00\3&267A616A&0&92
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_37001565&REV_00\3&267A616A&0&9A
Manufacturer:
Name:
PNP Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_37001565&REV_00\3&267A616A&0&9A
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0005
Manufacturer: Microsoft
Name: Packet Scheduler Miniport #6
PNP Device ID: ROOT\MS_PSCHEDMP\0005
Service: PSched

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N75
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP476: 8/18/2010 7:21:42 AM - System Checkpoint
RP477: 8/19/2010 6:14:56 PM - System Checkpoint
RP478: 8/21/2010 8:40:54 AM - System Checkpoint
RP479: 8/22/2010 10:31:42 AM - System Checkpoint
RP480: 8/23/2010 4:53:50 PM - System Checkpoint
RP481: 8/24/2010 5:48:18 PM - System Checkpoint
RP482: 8/25/2010 8:14:17 PM - System Checkpoint
RP483: 8/27/2010 5:11:42 AM - System Checkpoint
RP484: 8/28/2010 11:52:33 AM - System Checkpoint
RP485: 8/29/2010 4:17:11 PM - System Checkpoint
RP486: 8/30/2010 4:51:02 PM - System Checkpoint
RP487: 8/31/2010 8:57:50 PM - System Checkpoint
RP488: 9/2/2010 10:18:36 AM - System Checkpoint
RP489: 9/3/2010 1:36:01 PM - System Checkpoint
RP490: 9/4/2010 3:25:51 PM - System Checkpoint
RP491: 9/6/2010 10:02:13 AM - System Checkpoint
RP492: 9/7/2010 11:26:02 AM - System Checkpoint
RP493: 9/8/2010 11:51:19 AM - System Checkpoint
RP494: 9/9/2010 3:27:28 PM - System Checkpoint
RP495: 9/10/2010 6:24:55 PM - System Checkpoint
RP496: 9/11/2010 8:45:42 PM - System Checkpoint
RP497: 9/12/2010 9:11:32 PM - System Checkpoint
RP498: 9/14/2010 9:01:54 AM - System Checkpoint
RP499: 9/15/2010 4:48:18 PM - System Checkpoint
RP500: 9/16/2010 8:28:05 AM - Software Distribution Service 3.0
RP501: 9/17/2010 3:08:57 PM - System Checkpoint
RP502: 9/18/2010 4:53:02 PM - System Checkpoint
RP503: 9/19/2010 4:58:10 PM - System Checkpoint
RP504: 9/20/2010 5:09:31 PM - System Checkpoint
RP505: 9/21/2010 5:53:05 PM - System Checkpoint
RP506: 9/23/2010 5:15:44 AM - System Checkpoint
RP507: 9/24/2010 7:56:37 AM - System Checkpoint
RP508: 9/25/2010 9:22:21 AM - System Checkpoint
RP509: 9/26/2010 2:18:32 PM - System Checkpoint
RP510: 9/27/2010 4:54:01 PM - System Checkpoint
RP511: 9/28/2010 8:21:30 PM - System Checkpoint
RP512: 9/30/2010 5:42:46 AM - Software Distribution Service 3.0
RP513: 10/1/2010 12:06:27 PM - System Checkpoint
RP514: 10/2/2010 2:10:38 PM - System Checkpoint
RP515: 10/3/2010 5:24:07 PM - System Checkpoint
RP516: 10/4/2010 7:24:41 PM - System Checkpoint
RP517: 10/6/2010 6:40:35 AM - System Checkpoint
RP518: 10/7/2010 12:15:54 PM - System Checkpoint
RP519: 10/8/2010 7:11:09 AM - Software Distribution Service 3.0
RP520: 10/9/2010 8:34:09 AM - System Checkpoint
RP521: 10/10/2010 8:49:13 AM - System Checkpoint
RP522: 10/10/2010 7:00:31 PM - Software Distribution Service 3.0
RP523: 10/11/2010 7:37:43 PM - System Checkpoint
RP524: 10/12/2010 7:55:08 AM - Software Distribution Service 3.0
RP525: 10/13/2010 4:51:28 PM - System Checkpoint
RP526: 10/14/2010 6:41:33 PM - System Checkpoint
RP527: 10/14/2010 9:49:27 PM - Software Distribution Service 3.0
RP528: 10/16/2010 8:50:39 AM - System Checkpoint
RP529: 10/17/2010 11:21:54 AM - System Checkpoint
RP530: 10/18/2010 4:49:43 PM - System Checkpoint
RP531: 10/19/2010 4:54:57 PM - System Checkpoint
RP532: 10/20/2010 5:06:27 PM - System Checkpoint
RP533: 10/22/2010 11:18:20 AM - System Checkpoint
RP534: 10/23/2010 3:16:01 PM - System Checkpoint
RP535: 10/24/2010 3:22:36 PM - System Checkpoint
RP536: 10/30/2010 5:21:36 PM - System Checkpoint
RP537: 10/31/2010 8:55:26 PM - System Checkpoint
RP538: 11/2/2010 11:42:56 AM - System Checkpoint
RP539: 11/3/2010 1:31:20 PM - System Checkpoint
RP540: 11/4/2010 4:24:17 PM - System Checkpoint
RP541: 11/5/2010 5:36:52 PM - System Checkpoint
RP542: 11/6/2010 8:29:45 PM - System Checkpoint
RP543: 11/7/2010 9:45:21 PM - System Checkpoint
RP544: 11/9/2010 9:05:47 AM - System Checkpoint
RP545: 11/10/2010 4:43:44 PM - System Checkpoint
RP546: 11/11/2010 8:58:56 AM - Software Distribution Service 3.0
RP547: 11/13/2010 9:37:41 AM - Restore Operation
RP548: 11/14/2010 9:53:56 AM - Software Distribution Service 3.0

==== Installed Programs ======================

3D Groove Playback Engine
ABBYY FineReader 5.0 Sprint Plus
Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.5
Adobe Shockwave Player
Advanced WindowsCare 2.50 Personal
Alien Swarm
Amazon MP3 Downloader 1.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
aspi
ASTRA32 - Advanced System Information Tool 1.54
ASUS Probe V2.20.08
AsusUpdate
ATI Catalyst Install Manager
AudioLabel
AutoStreamer
AVG Anti-Rootkit Free
Avira AntiVir Personal - Free Antivirus
Backup Expert
Bejeweled Deluxe
Big Fish Games Client
Bonjour
Call of Duty
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCHelp
CCleaner
CCScore
CDDRV_Installer
Company of Heroes
Company of Heroes: Tales of Valor
Compatibility Pack for the 2007 Office system
CR2
CyberLink DVD Suite
DFX 8 for Windows Media Player
DinoDave2(only remove)
DIY DataRecovery DiskPatch 3
DIY DataRecovery iRecover 2.1
Dreamship Tales
Drive Manager
DVD Shrink 3.2
EC Software TNT Screen Capture 2.1
Elprime Media Recovery 1.5
eMusic Download Manager 4.0.0.5
erLT
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSTUTOR
ESSvpaht
ESSvpot
Folding@home-gpu
Garmin WebUpdater
Google Toolbar for Internet Explorer
H&R Block Deluxe + Efile + State 2009
H&R Block Illinois 2009
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
HDD Regenerator
HiJackThis
HLPCCTR
HLPIndex
HLPPDOCK
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB933547)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HW Monitor
iCarly - iDream in Toons
ijji Auto Installer
InterActual Player
ISO Recorder
iTunes
Java(TM) 6 Update 12
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
JumpStart Numbers
JumpStart Pre-K
Juniper Networks Cache Cleaner 6.2.0
Juniper Networks Setup Client
Juniper Terminal Services Client
KhalInstallWrapper
Kodak EasyShare software
KSU
LEGO My Style Preschool
Lexmark X6100 Series
LG ODD Auto Firmware Update
LightScribe System Software 1.14.19.1
Logitech SetPoint
Lost Planet: Extreme Condition
Magic Ball 3
Mahjongg Artifacts
Mahjongg Master 5
Malwarebytes' Anti-Malware
Medical Terminology for Health Professions - Patch V2.2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting 2007
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows XP Video Decoder Checkup Utility
MobileMe Control Panel
Movielink Manager
Mozilla Firefox (3.5.7)
MP3 Recorder Studio 5.8
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 7 Essentials
neroxml
Netflix Movie Viewer
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Notifier
Now Playing: A Windows Media Player Plugin
NVIDIA Drivers
NVIDIA nForce Drivers
NVIDIA PhysX
OpenAL
OTtBP
PC Connectivity Solution
PCDLNCH
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
Peggle Deluxe
Penumbra Overture
Penumbra: Black Plague
Penumbra: Requiem
PlayLinc
PowerProducer
Print to Fax
Puppy Grows & Knows Your Name 1.0
QuickTime
RCA Digital Audio Player (Emusic Series)
Reader Rabbit Reading Ages 4-6
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
RoboTask 2.5.1
Safari
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Sansa Media Converter
Sansa Updater
SATARaid
SecurDisc Viewer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SFR2
SiSoftware Sandra Lite 2009.SP2
Sophos Anti-Rootkit 1.3.1
SpongeBob SquarePants Bubble Rush!
SpongeBob SquarePants Employee of the Month
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
StarFlyers Alien Space Chase
Steam
TaxCut Illinois 2007
TaxCut Illinois 2008
TaxCut Premium + State + Efile 2008
The Elder Scrolls IV: Oblivion
The Print Shop®
Turbine Download Manager - Live
TweakRAM
UBCD4Win 3.04
Understanding Health Insurance, 8th Ed.
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCAMCEN
Verizon Help and Support Tool
Virtools 3D Life Player
VirtualLab Client 5.5.15
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Vision EbooksReader_e
VLC media player 1.0.5
VPN Client
Web Stream Recorder Pro
WebFldrs XP
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Wizard101
WMP Playlist 2.2.1
Wondershare Video Converter Ultimate(Build 5.4.3.0)
XP Codec Pack
Yahoo! Install Manager
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

11/15/2010 8:07:45 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
11/15/2010 8:06:21 AM, error: System Error [1003] - Error code 0000004e, parameter1 00000007, parameter2 0000b1bb, parameter3 00000002, parameter4 00000000.
11/14/2010 11:56:59 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
11/14/2010 10:49:14 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The ScsiAccess service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The FsUsbExService service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/14/2010 10:08:15 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/14/2010 10:08:08 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 9:31:21 AM, error: Service Control Manager [7001] - The Cisco Systems, Inc. VPN Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 9:31:21 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 9:31:21 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 2:42:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
11/13/2010 2:42:27 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2010 2:41:33 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/13/2010 2:41:03 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/13/2010 2:40:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
11/13/2010 2:40:53 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2010 2:40:20 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
11/13/2010 2:39:42 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
11/13/2010 2:31:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/13/2010 2:24:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/13/2010 2:24:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/13/2010 2:20:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM avgio avipbb BIOS BS_I2cIo Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
11/13/2010 2:20:35 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 2:20:35 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 2:20:35 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 1:22:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/13/2010 1:21:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/12/2010 5:43:48 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================

Bobbye · Nov 15, 2010

Welcome to TechSpot! I'll help with the malware. Keep in mind that the better your description is of a problem, the better we can help you. So understand that descriptions like 'slew', 'crap' and 'bunch' aren't helpful. And telling us "when I clicked submit it gave me an error" without giving us the error isn't either! So, you get the idea?

It appears that you have 2 antivirus programs running: AV: Lavasoft Ad-Watch Live! Anti-Virus and AV: AntiVir Desktop *On-access scanning. Please remove one of those. Multiple AV programs make a system more vulnerable, not less.

You also have 5 outdated versions of Java on the system and none current- another vulnerability: Check this site .Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

Please disable the AVG Anti-Rootkit as it can interfere with our scans. It also doesn't recognize the particular Rootkit you have.
=======================================================
There is a Rootkit malware infection on the system, so I'd like you to start with this program:

Download TDSSKiller. Extract the zipped file to your desktop.

Go to Start ->Run. Type/Copy and Paste the following text into the prompt:
Code:
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\report.txt -v
This will have the program write a detailed log

The screen will resemble this black screen:

If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.

After reboot, the driver will delete malicious registry keys and files as well as remove itself from the services list..

A log file named report.txt should have been created and saved to the root directory (usually C:\report.txt).

Follow the prompts and paste the report into your next reply.

==========================================
Please see if you can run Combofix after the TDSSKiller scan and reboot:
Please download ComboFix from Here and save to your Desktop.

[1]. Do NOT rename Combofix unless instructed.
[2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3].Close any open browsers.
[4]. Double click combofix.exe & follow the prompts to run.

NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
[5]. If Combofix asks you to install Recovery Console, please allow it.
[6]. If Combofix asks you to update the program, always allow.

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
[7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..

mjjamj · Nov 15, 2010

TDSSKiller does not seem to like the -v command parameter.

Bobbye · Nov 16, 2010

Okay, let's do it this way instead:

Download the file TDSSKiller.zip and extract it (use archiver, for example, WInZip) into a folder on the infected (or potentially infected) PC.

Double click TDSSKiller.exe to start the scan

Wait for the scan and disinfection process to be over.
[o] The utility outputs a list of detected objects with description.
[o]The utility automatically selects an action (Cure or Delete) for malicious objects.
[o]The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).

Select the action Quarantine to quarantine detected objects.

The default quarantine folder is in the system disk root folder, e.g.:C:\TDSSKiller_Quarantine\23.07.2010_15.31.43

After clicking Next, the utility applies selected actions and outputs the result.

It is necessary to reboot the PC after the disinfection is over.

mjjamj · Nov 16, 2010

TDSSKiller log

2010/11/16 19:57:27.0234 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/16 19:57:27.0234 ================================================================================
2010/11/16 19:57:27.0234 SystemInfo:
2010/11/16 19:57:27.0234
2010/11/16 19:57:27.0234 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/16 19:57:27.0234 Product type: Workstation
2010/11/16 19:57:27.0234 ComputerName: HOME-DESKTOP
2010/11/16 19:57:27.0234 UserName: Mike
2010/11/16 19:57:27.0234 Windows directory: C:\WINDOWS
2010/11/16 19:57:27.0234 System windows directory: C:\WINDOWS
2010/11/16 19:57:27.0234 Processor architecture: Intel x86
2010/11/16 19:57:27.0234 Number of processors: 3
2010/11/16 19:57:27.0234 Page size: 0x1000
2010/11/16 19:57:27.0234 Boot type: Normal boot
2010/11/16 19:57:27.0234 ================================================================================
2010/11/16 19:57:27.0609 Initialize success
2010/11/16 19:57:42.0093 ================================================================================
2010/11/16 19:57:42.0093 Scan started
2010/11/16 19:57:42.0093 Mode: Manual;
2010/11/16 19:57:42.0093 ================================================================================
2010/11/16 19:57:43.0531 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/16 19:57:43.0609 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/16 19:57:43.0703 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/16 19:57:43.0781 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/16 19:57:43.0968 amdide (6e58654cb25730b2579e45e1fd116a47) C:\WINDOWS\system32\DRIVERS\amdide.sys
2010/11/16 19:57:44.0031 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2010/11/16 19:57:44.0109 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2010/11/16 19:57:44.0218 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/16 19:57:44.0421 aslm75 (71356a1370739e25375a1d17b6ae318f) C:\WINDOWS\system32\drivers\aslm75.sys
2010/11/16 19:57:44.0515 ASTRA32 (5fc1fed39ed5d3f71c7d2fc16a49e2a2) C:\Program Files\ASTRA32\ASTRA32.sys
2010/11/16 19:57:44.0562 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/16 19:57:44.0640 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/16 19:57:44.0937 ati2mtag (e7426973d081b6607056d1dd91bd9b01) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/11/16 19:57:45.0203 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/16 19:57:45.0265 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/16 19:57:45.0390 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/11/16 19:57:45.0484 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/11/16 19:57:45.0515 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/11/16 19:57:45.0625 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/16 19:57:45.0671 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\System32\drivers\BIOS.sys
2010/11/16 19:57:45.0750 BS_I2cIo (9383ffa2aad55f6ca4831addd0edf230) C:\WINDOWS\system32\drivers\BS_I2cIo.sys
2010/11/16 19:57:45.0843 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/16 19:57:45.0968 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/16 19:57:46.0046 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/16 19:57:46.0078 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/16 19:57:46.0250 CVPNDRV (f512716e66d679dcb2070f81137d5dfe) C:\WINDOWS\system32\Drivers\CVPNDRV.sys
2010/11/16 19:57:46.0421 DcCam (6f9ea0f7edd83a67b52482df721a5fa4) C:\WINDOWS\system32\DRIVERS\DcCam.sys
2010/11/16 19:57:46.0468 DcFpoint (cbb5f72a33fa4013acd8e9a2382e898b) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
2010/11/16 19:57:46.0515 DCFS2K (8214bfcbcf2ed5751b1db9288dae88ca) C:\WINDOWS\system32\drivers\dcfs2k.sys
2010/11/16 19:57:46.0562 DcLps (b4b9ed249a335aba7afd7dd71917be69) C:\WINDOWS\system32\DRIVERS\DcLps.sys
2010/11/16 19:57:46.0625 DcPTP (4ec04b31ac8870e9cb1c5379c54ee49d) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
2010/11/16 19:57:46.0734 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/16 19:57:46.0796 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/16 19:57:46.0875 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2010/11/16 19:57:46.0921 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/16 19:57:46.0984 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/16 19:57:47.0046 DNE (f3d3e0d3fefac57ed1ecadfe746e52f3) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2010/11/16 19:57:47.0109 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/16 19:57:47.0187 Exportit (8fd3ad7d6fc1ab129763b5c410c0f866) C:\WINDOWS\system32\DRIVERS\exportit.sys
2010/11/16 19:57:47.0234 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/16 19:57:47.0281 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/16 19:57:47.0312 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/16 19:57:47.0375 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/16 19:57:47.0468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/16 19:57:47.0562 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2010/11/16 19:57:47.0718 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/16 19:57:47.0781 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/16 19:57:47.0843 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/11/16 19:57:47.0921 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/11/16 19:57:47.0968 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/16 19:57:48.0031 hamachi_oem (c25c70fd4d49391091d9eb8c747f19e6) C:\WINDOWS\system32\DRIVERS\gan_adapter.sys
2010/11/16 19:57:48.0109 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/16 19:57:48.0140 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/16 19:57:48.0281 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/16 19:57:48.0406 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/16 19:57:48.0453 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/16 19:57:48.0687 IntcAzAudAddService (cdfd5a68a2e1caa89c5c0e0b3cb98731) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/16 19:57:48.0812 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/16 19:57:48.0890 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/16 19:57:48.0937 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/16 19:57:48.0968 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/16 19:57:49.0015 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/16 19:57:49.0062 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/16 19:57:49.0109 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/16 19:57:49.0187 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/16 19:57:49.0218 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/16 19:57:49.0281 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/16 19:57:49.0375 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2010/11/16 19:57:49.0390 L8042mou (8a5993705add14352c9a279fa8338334) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2010/11/16 19:57:49.0531 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/11/16 19:57:49.0609 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/11/16 19:57:49.0703 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2010/11/16 19:57:49.0828 LMouKE (9837e55673818ecd8febb47f7f77521a) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2010/11/16 19:57:49.0890 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2010/11/16 19:57:50.0062 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/16 19:57:50.0125 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/16 19:57:50.0218 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/11/16 19:57:50.0281 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/16 19:57:50.0359 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/16 19:57:50.0437 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/16 19:57:50.0593 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/11/16 19:57:50.0718 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
2010/11/16 19:57:50.0734 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
2010/11/16 19:57:50.0765 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2010/11/16 19:57:50.0828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/16 19:57:50.0921 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/16 19:57:50.0984 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/16 19:57:51.0031 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/16 19:57:51.0093 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/16 19:57:51.0140 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/16 19:57:51.0218 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/16 19:57:51.0296 msvad_simple (ba03a176197d06ecaf0da86942375156) C:\WINDOWS\system32\drivers\povrtdev.sys
2010/11/16 19:57:51.0359 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2010/11/16 19:57:51.0390 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/16 19:57:51.0484 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/16 19:57:51.0531 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/16 19:57:51.0562 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/16 19:57:51.0625 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/16 19:57:51.0687 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/16 19:57:51.0718 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/16 19:57:51.0765 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/16 19:57:51.0859 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/16 19:57:51.0937 Nokia USB Generic (1926b4eef80f4a0c8cc8fcbb6b4a7461) C:\WINDOWS\system32\drivers\nmwcdc.sys
2010/11/16 19:57:52.0000 Nokia USB Modem (df4211b6ca609ff11f43261e04ac92f1) C:\WINDOWS\system32\drivers\nmwcdcm.sys
2010/11/16 19:57:52.0062 Nokia USB Phone Parent (ddfe78eeb4afcf91edc52b8f7c7dad15) C:\WINDOWS\system32\drivers\nmwcd.sys
2010/11/16 19:57:52.0109 Nokia USB Port (df4211b6ca609ff11f43261e04ac92f1) C:\WINDOWS\system32\drivers\nmwcdcj.sys
2010/11/16 19:57:52.0156 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/16 19:57:52.0234 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/16 19:57:52.0281 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/16 19:57:52.0343 nvax (47b3852808dd579a463fce7085b77413) C:\WINDOWS\system32\drivers\nvax.sys
2010/11/16 19:57:52.0406 NVENET (e07c1f16e5a4e32fc3c0f62b59815ef0) C:\WINDOWS\system32\DRIVERS\NVENET.sys
2010/11/16 19:57:52.0468 nvnforce (adbcba116496229a163193bbe0bb28ce) C:\WINDOWS\system32\drivers\nvapu.sys
2010/11/16 19:57:52.0546 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
2010/11/16 19:57:52.0609 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/16 19:57:52.0656 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/16 19:57:52.0765 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/16 19:57:52.0812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/16 19:57:52.0859 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/16 19:57:52.0906 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/16 19:57:52.0968 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/11/16 19:57:53.0015 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/16 19:57:53.0093 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/16 19:57:53.0140 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/16 19:57:53.0437 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/16 19:57:53.0468 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/16 19:57:53.0500 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/16 19:57:53.0562 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/16 19:57:53.0781 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/16 19:57:53.0812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/16 19:57:53.0859 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/16 19:57:53.0890 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/16 19:57:53.0921 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/16 19:57:53.0968 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/16 19:57:54.0000 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/16 19:57:54.0093 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/16 19:57:54.0140 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/16 19:57:54.0328 RTHDMIAzAudService (856531cd105523a2f81375e7be4954c7) C:\WINDOWS\system32\drivers\RtHDMI.sys
2010/11/16 19:57:54.0593 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/11/16 19:57:54.0750 SANDRA (24c68978d48f41084dc00159aa07fab8) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys
2010/11/16 19:57:54.0843 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/16 19:57:54.0890 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/16 19:57:54.0921 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/16 19:57:55.0015 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/16 19:57:55.0109 SLACKERDRV (6974925fc00371c680075ad3556f7a28) C:\WINDOWS\system32\Drivers\SlackerUSB.sys
2010/11/16 19:57:55.0187 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/16 19:57:55.0234 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/16 19:57:55.0328 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/16 19:57:55.0437 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2010/11/16 19:57:55.0515 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2010/11/16 19:57:55.0578 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2010/11/16 19:57:55.0671 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/11/16 19:57:55.0734 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/16 19:57:55.0765 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/16 19:57:56.0062 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/16 19:57:56.0156 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/16 19:57:56.0250 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/16 19:57:56.0296 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/16 19:57:56.0328 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/16 19:57:56.0468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/16 19:57:56.0578 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/16 19:57:56.0703 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/16 19:57:56.0750 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/16 19:57:56.0781 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/16 19:57:56.0859 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/11/16 19:57:56.0890 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/16 19:57:56.0968 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/16 19:57:57.0031 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/16 19:57:57.0093 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/11/16 19:57:57.0140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/16 19:57:57.0203 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/16 19:57:57.0265 vsdatant (a1bbbffd303a8bc9446a094fb5de11fb) C:\WINDOWS\system32\vsdatant.sys
2010/11/16 19:57:57.0390 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/16 19:57:57.0453 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/16 19:57:57.0562 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/11/16 19:57:57.0609 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/11/16 19:57:57.0718 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/16 19:57:57.0765 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/16 19:57:57.0843 yukonwxp (aab54296372049b1864c213ca9140e1b) C:\WINDOWS\system32\DRIVERS\yukonwxp.sys
2010/11/16 19:57:57.0875 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/16 19:57:57.0906 ================================================================================
2010/11/16 19:57:57.0906 Scan finished
2010/11/16 19:57:57.0906 ================================================================================
2010/11/16 19:57:57.0921 Detected object count: 1
2010/11/16 19:59:23.0812 \HardDisk0 - quarantined
2010/11/16 19:59:23.0828 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Quarantine
2010/11/16 20:00:55.0656 ================================================================================
2010/11/16 20:00:55.0656 Scan started
2010/11/16 20:00:55.0656 Mode: Manual;
2010/11/16 20:00:55.0656 ================================================================================
2010/11/16 20:00:56.0640 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/16 20:00:56.0734 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/16 20:00:57.0265 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/16 20:00:57.0343 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/16 20:00:57.0671 amdide (6e58654cb25730b2579e45e1fd116a47) C:\WINDOWS\system32\DRIVERS\amdide.sys
2010/11/16 20:00:57.0718 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2010/11/16 20:00:57.0796 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2010/11/16 20:00:57.0890 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/16 20:00:58.0171 aslm75 (71356a1370739e25375a1d17b6ae318f) C:\WINDOWS\system32\drivers\aslm75.sys
2010/11/16 20:00:58.0265 ASTRA32 (5fc1fed39ed5d3f71c7d2fc16a49e2a2) C:\Program Files\ASTRA32\ASTRA32.sys
2010/11/16 20:00:58.0328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/16 20:00:58.0406 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/16 20:00:58.0687 ati2mtag (e7426973d081b6607056d1dd91bd9b01) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/11/16 20:00:58.0968 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/16 20:00:59.0046 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/16 20:00:59.0171 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/11/16 20:00:59.0234 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/11/16 20:00:59.0265 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/11/16 20:00:59.0359 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/16 20:00:59.0500 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\System32\drivers\BIOS.sys
2010/11/16 20:00:59.0640 BS_I2cIo (9383ffa2aad55f6ca4831addd0edf230) C:\WINDOWS\system32\drivers\BS_I2cIo.sys
2010/11/16 20:00:59.0812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/16 20:00:59.0921 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/16 20:00:59.0984 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/16 20:01:00.0015 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/16 20:01:00.0203 CVPNDRV (f512716e66d679dcb2070f81137d5dfe) C:\WINDOWS\system32\Drivers\CVPNDRV.sys
2010/11/16 20:01:00.0328 DcCam (6f9ea0f7edd83a67b52482df721a5fa4) C:\WINDOWS\system32\DRIVERS\DcCam.sys
2010/11/16 20:01:00.0437 DcFpoint (cbb5f72a33fa4013acd8e9a2382e898b) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
2010/11/16 20:01:00.0468 DCFS2K (8214bfcbcf2ed5751b1db9288dae88ca) C:\WINDOWS\system32\drivers\dcfs2k.sys
2010/11/16 20:01:00.0515 DcLps (b4b9ed249a335aba7afd7dd71917be69) C:\WINDOWS\system32\DRIVERS\DcLps.sys
2010/11/16 20:01:00.0562 DcPTP (4ec04b31ac8870e9cb1c5379c54ee49d) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
2010/11/16 20:01:00.0656 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/16 20:01:00.0765 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/16 20:01:00.0828 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2010/11/16 20:01:00.0921 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/16 20:01:01.0046 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/16 20:01:01.0109 DNE (f3d3e0d3fefac57ed1ecadfe746e52f3) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2010/11/16 20:01:01.0171 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/16 20:01:01.0250 Exportit (8fd3ad7d6fc1ab129763b5c410c0f866) C:\WINDOWS\system32\DRIVERS\exportit.sys
2010/11/16 20:01:01.0281 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/16 20:01:01.0328 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/16 20:01:01.0359 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/16 20:01:01.0406 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/16 20:01:01.0500 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/16 20:01:01.0593 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2010/11/16 20:01:01.0671 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/16 20:01:01.0750 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/16 20:01:01.0828 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/11/16 20:01:02.0171 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/11/16 20:01:02.0234 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/16 20:01:02.0281 hamachi_oem (c25c70fd4d49391091d9eb8c747f19e6) C:\WINDOWS\system32\DRIVERS\gan_adapter.sys
2010/11/16 20:01:02.0375 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/16 20:01:02.0437 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/16 20:01:02.0718 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/16 20:01:02.0937 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/16 20:01:02.0968 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/16 20:01:03.0343 IntcAzAudAddService (cdfd5a68a2e1caa89c5c0e0b3cb98731) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/16 20:01:03.0484 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/16 20:01:03.0640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/16 20:01:04.0000 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/16 20:01:04.0390 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/16 20:01:04.0609 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/16 20:01:04.0765 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/16 20:01:04.0937 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/16 20:01:05.0203 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/16 20:01:05.0453 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/16 20:01:05.0718 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/16 20:01:06.0468 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2010/11/16 20:01:06.0765 L8042mou (8a5993705add14352c9a279fa8338334) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2010/11/16 20:01:06.0921 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/11/16 20:01:07.0531 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/11/16 20:01:07.0937 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2010/11/16 20:01:08.0281 LMouKE (9837e55673818ecd8febb47f7f77521a) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2010/11/16 20:01:08.0406 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2010/11/16 20:01:08.0734 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/16 20:01:08.0968 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/16 20:01:09.0046 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/11/16 20:01:09.0171 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/16 20:01:09.0265 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/16 20:01:09.0468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/16 20:01:09.0890 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/11/16 20:01:10.0156 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
2010/11/16 20:01:10.0187 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
2010/11/16 20:01:10.0218 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2010/11/16 20:01:10.0546 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/16 20:01:10.0812 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/16 20:01:11.0031 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/16 20:01:11.0109 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/16 20:01:11.0156 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/16 20:01:11.0218 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/16 20:01:11.0390 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/16 20:01:11.0578 msvad_simple (ba03a176197d06ecaf0da86942375156) C:\WINDOWS\system32\drivers\povrtdev.sys
2010/11/16 20:01:11.0687 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2010/11/16 20:01:11.0781 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/16 20:01:11.0906 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/16 20:01:11.0968 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/16 20:01:12.0031 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/16 20:01:12.0109 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/16 20:01:12.0140 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/16 20:01:12.0171 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/16 20:01:12.0453 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/16 20:01:12.0515 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/16 20:01:12.0625 Nokia USB Generic (1926b4eef80f4a0c8cc8fcbb6b4a7461) C:\WINDOWS\system32\drivers\nmwcdc.sys
2010/11/16 20:01:12.0687 Nokia USB Modem (df4211b6ca609ff11f43261e04ac92f1) C:\WINDOWS\system32\drivers\nmwcdcm.sys
2010/11/16 20:01:12.0734 Nokia USB Phone Parent (ddfe78eeb4afcf91edc52b8f7c7dad15) C:\WINDOWS\system32\drivers\nmwcd.sys
2010/11/16 20:01:12.0781 Nokia USB Port (df4211b6ca609ff11f43261e04ac92f1) C:\WINDOWS\system32\drivers\nmwcdcj.sys
2010/11/16 20:01:12.0828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/16 20:01:12.0921 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/16 20:01:13.0015 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/16 20:01:13.0125 nvax (47b3852808dd579a463fce7085b77413) C:\WINDOWS\system32\drivers\nvax.sys
2010/11/16 20:01:13.0281 NVENET (e07c1f16e5a4e32fc3c0f62b59815ef0) C:\WINDOWS\system32\DRIVERS\NVENET.sys
2010/11/16 20:01:13.0421 nvnforce (adbcba116496229a163193bbe0bb28ce) C:\WINDOWS\system32\drivers\nvapu.sys
2010/11/16 20:01:13.0484 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
2010/11/16 20:01:13.0546 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/16 20:01:13.0593 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/16 20:01:13.0656 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/16 20:01:13.0703 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/16 20:01:13.0750 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/16 20:01:13.0843 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/16 20:01:13.0906 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/11/16 20:01:13.0953 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/16 20:01:14.0093 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/16 20:01:14.0140 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/16 20:01:15.0562 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/16 20:01:15.0609 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/16 20:01:15.0718 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/16 20:01:15.0796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/16 20:01:16.0609 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/16 20:01:16.0671 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/16 20:01:16.0765 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/16 20:01:16.0812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/16 20:01:16.0843 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/16 20:01:16.0906 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/16 20:01:17.0000 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/16 20:01:17.0093 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/16 20:01:17.0171 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/16 20:01:17.0421 RTHDMIAzAudService (856531cd105523a2f81375e7be4954c7) C:\WINDOWS\system32\drivers\RtHDMI.sys
2010/11/16 20:01:17.0484 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/11/16 20:01:17.0656 SANDRA (24c68978d48f41084dc00159aa07fab8) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys
2010/11/16 20:01:17.0859 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/16 20:01:18.0343 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/16 20:01:18.0656 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/16 20:01:18.0843 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/16 20:01:18.0984 SLACKERDRV (6974925fc00371c680075ad3556f7a28) C:\WINDOWS\system32\Drivers\SlackerUSB.sys
2010/11/16 20:01:19.0500 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/16 20:01:19.0703 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/16 20:01:19.0828 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/16 20:01:19.0921 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2010/11/16 20:01:19.0984 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2010/11/16 20:01:20.0093 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2010/11/16 20:01:20.0187 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/11/16 20:01:20.0281 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/16 20:01:20.0312 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/16 20:01:20.0671 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/16 20:01:20.0765 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/16 20:01:20.0859 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/16 20:01:20.0906 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/16 20:01:20.0937 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/16 20:01:21.0093 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/16 20:01:21.0265 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/16 20:01:21.0359 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/16 20:01:21.0406 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/16 20:01:21.0437 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/16 20:01:21.0546 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/11/16 20:01:21.0578 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/16 20:01:21.0656 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/16 20:01:21.0734 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/16 20:01:21.0781 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/11/16 20:01:21.0828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/16 20:01:21.0921 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/16 20:01:21.0984 vsdatant (a1bbbffd303a8bc9446a094fb5de11fb) C:\WINDOWS\system32\vsdatant.sys
2010/11/16 20:01:22.0062 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/16 20:01:22.0156 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/16 20:01:22.0265 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/11/16 20:01:22.0359 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/11/16 20:01:22.0468 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/16 20:01:22.0500 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/16 20:01:22.0593 yukonwxp (aab54296372049b1864c213ca9140e1b) C:\WINDOWS\system32\DRIVERS\yukonwxp.sys
2010/11/16 20:01:22.0609 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/16 20:01:22.0640 ================================================================================
2010/11/16 20:01:22.0640 Scan finished
2010/11/16 20:01:22.0640 ================================================================================
2010/11/16 20:01:22.0656 Detected object count: 1
2010/11/16 20:01:37.0437 \HardDisk0 - will be cured after reboot
2010/11/16 20:01:37.0437 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/16 20:01:41.0656 Deinitialize success

mjjamj · Nov 16, 2010

Combofix result

Combofix ran. It downloaded recovery console successful. The scan went through all of the stages. When it got to the deleting file I got blue screen with the error BAD_POOL_HEADER.

Bobbye · Nov 16, 2010

Have you handled the multiple AV programs?

Please run the following in the order given:
1. Security Check
Download Security Check and save it to your Desktop.

Double-click SecurityCheck.exe to run.

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post this log in your next reply.

========================================
2. Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com

Rkill.scr

Rkill.pif

Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following>>>>.

3. Please download exeHelper by Raktor and save it to your desktop.

Double-click on exeHelper.com or exeHelper.scr to run the fix tool.

A black window should pop up, press any key to close once the fix is completed.

A log file called exehelperlog.txt will be created and should open at the end of the scan)

A copy of that log will also be saved in the directory where you ran exeHelper.com

Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

4. Try the Combofix scan again after these 2 programs.

5. Download the HijackThis Installer and save to the desktop:

Double-click on HJTInstall.exe to run the program.

By default it will install to C:\Program Files\Trend Micro\HijackThis.

Accept the license agreement by clicking the "I Accept" button.

Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.

Click "Save log" to save the log file and then the log will open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

I will be having you disable the Shockware Updater.

mjjamj · Nov 17, 2010

RKill and exeHelper log

RKill.com and RKill.scr both ran but when they finished my desktop disappeared. Ekill.exe ran with no problem.

exeHelper produced the following log.

exeHelper by Raktor
Build 20100414
Run at 09:24:56 on 11/17/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 09:43:03 on 11/17/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

I ran it twice because of Combofix. See next post

mjjamj · Nov 17, 2010

ComboFix

ComboFix ran once and popped up the message master boot record infected press ok to reboot. When I pressed okay I got BSOD with no particular error. I rebooted and ran it again running RKILL and exeHelper first. THis time it made it through the scan but when it got to deleting files I got BSOD with a BAD_POOLED_HEADER error like last time.

mjjamj · Nov 17, 2010

Hijackthis.log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:05:49 AM, on 11/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\chr vpn client\cvpnd.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: C.H. Robinson, Inc. CHR VPN Client.lnk = C:\Program Files\chr vpn client\ipsecdialer.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181699082917
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181699259026
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://vpn.chrobinson.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://vpn.chrobinson.com/dana-cached/sc/JuniperSetupClient.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\chr vpn client\cvpnd.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10890 bytes

mjjamj · Nov 17, 2010

When I try and post HijackThis log it tells me it needs moderator approval.

Bobbye · Nov 17, 2010

HijackThis log appears twice- I deleted the duplicate.

Please run this: Download bootkitremover.rar and save it to your desktop.

Extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip

Double-click on the remover.exe file to run the program.

Paste the output in your next reply.

mjjamj · Nov 17, 2010

BootKitRemover log

.\debug.cpp(238) : Debug log started at 17.11.2010 - 19:27:22
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020d000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e4000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0x8b791000 0x00003000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4bc000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f79000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\System32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f68000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba0b8000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000e000 "\WINDOWS\System32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\System32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0d8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f49000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xb9f23000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xba671000 0x00001000 "amdide.sys"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9f0b000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xba0f8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba108000 0x0000d000 "\WINDOWS\System32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9eeb000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb9ed9000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xba118000 0x0000f000 "Lbd.sys"
.\debug.cpp(256) : 0xb9ec2000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9eaf000 0x00013000 "WudfPf.sys"
.\debug.cpp(256) : 0xb9e22000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9df5000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xba338000 0x00005000 "nv_agp.sys"
.\debug.cpp(256) : 0xb9ddb000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba1b8000 0x0000d000 "\SystemRoot\system32\DRIVERS\AmdPPM.sys"
.\debug.cpp(256) : 0xb498b000 0x00553000 "\SystemRoot\system32\DRIVERS\ati2mtag.sys"
.\debug.cpp(256) : 0xa0776000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xa074e000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xa0734000 0x0001a000 "\SystemRoot\system32\DRIVERS\Rtenicxp.sys"
.\debug.cpp(256) : 0xa1272000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xa1262000 0x00010000 "\SystemRoot\System32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xa1252000 0x0000f000 "\SystemRoot\System32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xa0711000 0x00023000 "\SystemRoot\System32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xba408000 0x00006000 "\SystemRoot\System32\Drivers\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xba410000 0x00005000 "\SystemRoot\System32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0xa06ed000 0x00024000 "\SystemRoot\System32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xa1242000 0x0000d000 "\SystemRoot\System32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xa08d5000 0x00004000 "\SystemRoot\system32\DRIVERS\L8042Kbd.sys"
.\debug.cpp(256) : 0xba418000 0x00006000 "\SystemRoot\System32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xa1232000 0x0000e000 "\SystemRoot\system32\DRIVERS\L8042mou.Sys"
.\debug.cpp(256) : 0xa06db000 0x00012000 "\SystemRoot\system32\DRIVERS\LMouKE.Sys"
.\debug.cpp(256) : 0xba420000 0x00006000 "\SystemRoot\System32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xa06c7000 0x00014000 "\SystemRoot\System32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xa1222000 0x00010000 "\SystemRoot\System32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xa08d1000 0x00004000 "\SystemRoot\System32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xa08cd000 0x00003000 "\SystemRoot\System32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xa06ad000 0x0001a000 "\SystemRoot\system32\DRIVERS\dne2000.sys"
.\debug.cpp(256) : 0xa1212000 0x00009000 "\SystemRoot\system32\drivers\povrtdev.sys"
.\debug.cpp(256) : 0xa0689000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xa1202000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xa0bee000 0x00001000 "\SystemRoot\System32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xa0cc4000 0x0000d000 "\SystemRoot\System32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xa08c5000 0x00003000 "\SystemRoot\System32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xa0672000 0x00017000 "\SystemRoot\System32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xa0cb4000 0x0000b000 "\SystemRoot\System32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xa0ca4000 0x0000c000 "\SystemRoot\System32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xba428000 0x00005000 "\SystemRoot\System32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xa0661000 0x00011000 "\SystemRoot\System32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xa0c94000 0x00009000 "\SystemRoot\System32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba430000 0x00005000 "\SystemRoot\System32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba438000 0x00005000 "\SystemRoot\System32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xa0631000 0x00030000 "\SystemRoot\System32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xa0c84000 0x0000a000 "\SystemRoot\System32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba642000 0x00002000 "\SystemRoot\System32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xa05d3000 0x0005e000 "\SystemRoot\System32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xac0ae000 0x00004000 "\SystemRoot\System32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xa0c74000 0x0000f000 "\SystemRoot\System32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xba644000 0x00002000 "\SystemRoot\System32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xa0c64000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x9420c000 0x00385000 "\SystemRoot\system32\drivers\RtHDMI.sys"
.\debug.cpp(256) : 0x93db7000 0x00455000 "\SystemRoot\system32\drivers\RtkHDAud.sys"
.\debug.cpp(256) : 0xba646000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xa0c44000 0x00009000 "\SystemRoot\system32\DRIVERS\DcCam.sys"
.\debug.cpp(256) : 0x93d92000 0x00025000 "\SystemRoot\system32\DRIVERS\EXPORTIT.SYS"
.\debug.cpp(256) : 0xba7de000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba648000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xba460000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba5c0000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xafde8000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xba470000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xb2f19000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xa7bdb000 0x00003000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0x93d5f000 0x00013000 "\SystemRoot\System32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0x93d06000 0x00059000 "\SystemRoot\System32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0x93cde000 0x00028000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x93cb8000 0x00026000 "\SystemRoot\System32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xa0c34000 0x00009000 "\SystemRoot\System32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x93c96000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xb25bb000 0x00009000 "\SystemRoot\System32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xb2f11000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0x93c6b000 0x0002b000 "\SystemRoot\System32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x93bfb000 0x00070000 "\SystemRoot\System32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xb58c2000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xb2f09000 0x00008000 "\??\C:\WINDOWS\system32\drivers\BS_I2cIo.sys"
.\debug.cpp(256) : 0xa7bbf000 0x00004000 "\??\C:\WINDOWS\System32\drivers\BIOS.sys"
.\debug.cpp(256) : 0x93bdf000 0x0001c000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xa1e67000 0x00002000 "\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xba198000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xb1989000 0x00007000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0xb1981000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xba584000 0x00004000 "\SystemRoot\system32\DRIVERS\usbscan.sys"
.\debug.cpp(256) : 0xb1971000 0x00007000 "\SystemRoot\system32\DRIVERS\usbprint.sys"
.\debug.cpp(256) : 0xba588000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xba1a8000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xb1969000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x93bc7000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xa1785000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xb5755000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xa1338000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xa0be1000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x0004e000 "\SystemRoot\System32\ati2dvag.dll"
.\debug.cpp(256) : 0xbf060000 0x000ab000 "\SystemRoot\System32\ati2cqag.dll"
.\debug.cpp(256) : 0xbf10b000 0x000a6000 "\SystemRoot\System32\atikvmag.dll"
.\debug.cpp(256) : 0xbf1b1000 0x00065000 "\SystemRoot\System32\atiok3x2.dll"
.\debug.cpp(256) : 0xbf216000 0x003b9000 "\SystemRoot\System32\ati3duag.dll"
.\debug.cpp(256) : 0xbf9c5000 0x0026c000 "\SystemRoot\System32\ativvaxx.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0x90980000 0x00014000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0xb17bf000 0x0000a000 "\SystemRoot\system32\drivers\dcfs2k.sys"
.\debug.cpp(256) : 0x90944000 0x00004000 "\SystemRoot\System32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x906ab000 0x0002d000 "\SystemRoot\System32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xba64c000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
.\debug.cpp(256) : 0xba744000 0x00001000 "\??\C:\WINDOWS\system32\drivers\aslm75.sys"
.\debug.cpp(256) : 0xa1320000 0x00005000 "\??\C:\Program Files\ASTRA32\ASTRA32.sys"
.\debug.cpp(256) : 0x904f0000 0x0007b000 "\??\C:\WINDOWS\system32\Drivers\CVPNDRV.sys"
.\debug.cpp(256) : 0x90487000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0x90382000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xb4f6e000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xba6ec000 0x00001000 "\SystemRoot\System32\Drivers\LBeepKE.sys"
.\debug.cpp(256) : 0x902dc000 0x00058000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xa19eb000 0x00006000 "\SystemRoot\System32\Drivers\TDTCP.SYS"
.\debug.cpp(256) : 0x8fa1f000 0x00023000 "\SystemRoot\System32\Drivers\RDPWD.SYS"
.\debug.cpp(256) : 0x8f318000 0x00009000 "\??\C:\WINDOWS\system32\FsUsbExDisk.SYS"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_043d&Pid_0072#15K005000220219#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&396186f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_37001565&REV_00#3&267a616a&0&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_68B8&SUBSYS_200B1787&REV_00#4&92b7792&0&0010#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0B368CD6-E984-445F-98F6-5DB5B02A9359}"
.\debug.cpp(400) : Destination "\Device\{0B368CD6-E984-445F-98F6-5DB5B02A9359}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000040"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{bf7162df-17ea-11dc-8ad8-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d42b52b0-f081-11de-958b-00e04db4fbfb}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#4&338acb6f&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination "\Device\00000077"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_23071565&REV_02#4&2ba546c5&0&0038#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10EC0888&REV_1000#4&65973d1&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) : Destination "\Device\avgio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3EE1732E-E1EF-446E-AABC-1665BC6FE47B}"
.\debug.cpp(400) : Destination "\Device\{3EE1732E-E1EF-446E-AABC-1665BC6FE47B}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_4#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000055"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RAM_GH22LS30_______________1.03____#5&b3cc5de&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination "\Device\ProcessManagement"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C45A509F-B883-4EF3-839E-FCE10EEDF89C}"
.\debug.cpp(400) : Destination "\Device\{C45A509F-B883-4EF3-839E-FCE10EEDF89C}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination "\Device\ParallelVdm0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BS_I2cIo"
.\debug.cpp(400) : Destination "\Device\BS_I2cIo"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10EC0888&REV_1000#4&65973d1&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_043d&Pid_0072&MI_01#6&1c42c57c&2&0001#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
.\debug.cpp(400) : Destination "\Device\00000093"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature644E644EOffset7E00Length1FFFD58C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination "\Device\Serial0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) : Destination "\FileSystem\Filters\avgntflt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DNI_DNEMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Lbd"
.\debug.cpp(400) : Destination "\Device\Lbd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Usbscan0"
.\debug.cpp(400) : Destination "\Device\Usbscan0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10EC0888&REV_1000#4&65973d1&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{2963f391-116c-11de-a70f-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CmmqsMiniport"
.\debug.cpp(400) : Destination "\Device\CmmqsMiniport"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&29c19a03&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aslm75"
.\debug.cpp(400) : Destination "\Device\aslm75"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&608788a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FsUsbExDisk"
.\debug.cpp(400) : Destination "\Device\FsUsbExDisk"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BIOS"
.\debug.cpp(400) : Destination "\Device\BIOS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&109931a5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{93ee1f18-b65c-11dc-b29c-000ea60c1973}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DR2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device10"
.\debug.cpp(400) : Destination "\Device\Astra32Device10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d424e391-1165-11de-8720-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device11"
.\debug.cpp(400) : Destination "\Device\Astra32Device11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A8C32046-5642-459E-A600-33B948448F65}"
.\debug.cpp(400) : Destination "\Device\{A8C32046-5642-459E-A600-33B948448F65}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10EC0888&REV_1000#4&65973d1&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device12"
.\debug.cpp(400) : Destination "\Device\Astra32Device12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F03#4&338acb6f&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000074"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F03#4&338acb6f&0#{f117b9b3-6e65-11d2-a148-00001c2053de}"
.\debug.cpp(400) : Destination "\Device\00000074"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device13"
.\debug.cpp(400) : Destination "\Device\Astra32Device13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device14"
.\debug.cpp(400) : Destination "\Device\Astra32Device14"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000059"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device15"
.\debug.cpp(400) : Destination "\Device\Astra32Device15"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1A3CFCCD-F294-4FE3-8B7D-AB8D8F08C861}"
.\debug.cpp(400) : Destination "\Device\{1A3CFCCD-F294-4FE3-8B7D-AB8D8F08C861}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{249365E4-AEA1-457C-988D-54EA21AFA857}"
.\debug.cpp(400) : Destination "\Device\{249365E4-AEA1-457C-988D-54EA21AFA857}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device0"
.\debug.cpp(400) : Destination "\Device\Astra32Device0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&338acb6f&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4398&SUBSYS_37001565&REV_00#3&267a616a&0&99#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_043d&Pid_0072&MI_02#7&138084fd&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000096"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_043d&Pid_0072&MI_00#6&1c42c57c&2&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\00000092"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device1"
.\debug.cpp(400) : Destination "\Device\Astra32Device1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DACFS2k"
.\debug.cpp(400) : Destination "\DCFS2k"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DAIDCAM"
.\debug.cpp(400) : Destination "\Device\DAIDCAM"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device2"
.\debug.cpp(400) : Destination "\Device\Astra32Device2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) : Destination "\Device\ssmctl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002#5&1732c3ce&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\00000087"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4399&SUBSYS_37001565&REV_00#3&267a616a&0&A5#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device3"
.\debug.cpp(400) : Destination "\Device\Astra32Device3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&356f1c15&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&4d616ce&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DNI_DNEMP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RealTekCard"
.\debug.cpp(400) : Destination "\Device\RealTekCard"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device4"
.\debug.cpp(400) : Destination "\Device\Astra32Device4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4398&SUBSYS_37001565&REV_00#3&267a616a&0&91#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0006#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000048"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RAM_GH22LS30_______________1.03____#5&b3cc5de&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device5"
.\debug.cpp(400) : Destination "\Device\Astra32Device5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device6"
.\debug.cpp(400) : Destination "\Device\Astra32Device6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{60BFFD3D-FF46-4D1A-94D9-521DFDAB1FF3}"
.\debug.cpp(400) : Destination "\Device\{60BFFD3D-FF46-4D1A-94D9-521DFDAB1FF3}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device7"
.\debug.cpp(400) : Destination "\Device\Astra32Device7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{51D3263F-9BC5-45BA-8E0F-47AB6437C09B}"
.\debug.cpp(400) : Destination "\Device\{51D3263F-9BC5-45BA-8E0F-47AB6437C09B}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_4#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000053"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DNE"
.\debug.cpp(400) : Destination "\Device\DNE"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device8"
.\debug.cpp(400) : Destination "\Device\Astra32Device8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_37001565&REV_00#3&267a616a&0&90#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CVPNDRV"
.\debug.cpp(400) : Destination "\Device\CVPNDRV"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination "\Device\NamedPipe\Spooler\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device9"
.\debug.cpp(400) : Destination "\Device\Astra32Device9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Seagate&Prod_FreeAgentDesktop&Rev_100D#____________6RY1QS69&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000091"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&338acb6f&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DNEMAC"
.\debug.cpp(400) : Destination "\Device\DNE"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) : Destination "\Device\DmLoader"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_4#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000054"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureA4B57300Offset7E00Length3A388A8400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\L8042KBD"
.\debug.cpp(400) : Destination "\Device\L8042KBD"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RAM_GH22LS30_______________1.03____#5&b3cc5de&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10EC0888&REV_1000#4&65973d1&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NONSPOOLED_LPT1"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0bc2&Pid_3000#____________6RY1QS69#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST3160023A______________________________8.01____#4a34315345574e30202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP3T0L0-10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{06A465C1-DBA0-4FA7-8D24-52E85E912346}"
.\debug.cpp(400) : Destination "\Device\{06A465C1-DBA0-4FA7-8D24-52E85E912346}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) : Destination "\Device\avipbb"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\lmouke"
.\debug.cpp(400) : Destination "\Device\lmouke"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 149 GB \\.\PhysicalDrive0 Controlled by rootkit!
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1135) : Boot code on some of your physical disks is hidden by a rootkit.
.\boot_cleaner.cpp(1137) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1138) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1142) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1143) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1146) :
.\boot_cleaner.cpp(1151) : Done;

Bobbye · Nov 17, 2010

Open Notepad
Copy and paste the text in the codebox into Notepad:
Code:
@ECHO OFF
START 
remover.exe fix \\.\PhysicalDrive0    
EXIT
Go File > Save As

Save as Type choose All Files

For File Name type fix.bat

Save In> choose Desktop

Save

Double click to Run fix.bat
(You may see a black box appear; this is normal.)

Run remover.exe again and post its output.

Do NOT reboot computer!

mjjamj · Nov 17, 2010

.\debug.cpp(238) : Debug log started at 18.11.2010 - 00:44:49
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020d000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e4000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0x8b792000 0x00003000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4bc000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f79000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\System32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f68000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba0b8000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000e000 "\WINDOWS\System32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\System32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0d8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f49000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xb9f23000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xba671000 0x00001000 "amdide.sys"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9f0b000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xba0f8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba108000 0x0000d000 "\WINDOWS\System32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9eeb000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb9ed9000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xba118000 0x0000f000 "Lbd.sys"
.\debug.cpp(256) : 0xb9ec2000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9eaf000 0x00013000 "WudfPf.sys"
.\debug.cpp(256) : 0xb9e22000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9df5000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xba338000 0x00005000 "nv_agp.sys"
.\debug.cpp(256) : 0xb9ddb000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba308000 0x0000d000 "\SystemRoot\system32\DRIVERS\AmdPPM.sys"
.\debug.cpp(256) : 0xb49e4000 0x00553000 "\SystemRoot\system32\DRIVERS\ati2mtag.sys"
.\debug.cpp(256) : 0xa2a9d000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xa2a75000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xa2a5b000 0x0001a000 "\SystemRoot\system32\DRIVERS\Rtenicxp.sys"
.\debug.cpp(256) : 0xa35eb000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xa35db000 0x00010000 "\SystemRoot\System32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xa35cb000 0x0000f000 "\SystemRoot\System32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xa2a38000 0x00023000 "\SystemRoot\System32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xa3218000 0x00006000 "\SystemRoot\System32\Drivers\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xa3210000 0x00005000 "\SystemRoot\System32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0xa2a14000 0x00024000 "\SystemRoot\System32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xa35bb000 0x0000d000 "\SystemRoot\System32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xaa01e000 0x00004000 "\SystemRoot\system32\DRIVERS\L8042Kbd.sys"
.\debug.cpp(256) : 0xa2ccc000 0x00006000 "\SystemRoot\System32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xa35ab000 0x0000e000 "\SystemRoot\system32\DRIVERS\L8042mou.Sys"
.\debug.cpp(256) : 0xa2a02000 0x00012000 "\SystemRoot\system32\DRIVERS\LMouKE.Sys"
.\debug.cpp(256) : 0xa2cc4000 0x00006000 "\SystemRoot\System32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xa29ee000 0x00014000 "\SystemRoot\System32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xa359b000 0x00010000 "\SystemRoot\System32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xaa01a000 0x00004000 "\SystemRoot\System32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xaa016000 0x00003000 "\SystemRoot\System32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xa29d4000 0x0001a000 "\SystemRoot\system32\DRIVERS\dne2000.sys"
.\debug.cpp(256) : 0xa358b000 0x00009000 "\SystemRoot\system32\drivers\povrtdev.sys"
.\debug.cpp(256) : 0xa29b0000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xa2f84000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xa2ab8000 0x00001000 "\SystemRoot\System32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xa2f74000 0x0000d000 "\SystemRoot\System32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xaa00e000 0x00003000 "\SystemRoot\System32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xa2999000 0x00017000 "\SystemRoot\System32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xa2f64000 0x0000b000 "\SystemRoot\System32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xa2f54000 0x0000c000 "\SystemRoot\System32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xa2cbc000 0x00005000 "\SystemRoot\System32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xa2988000 0x00011000 "\SystemRoot\System32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xa2f44000 0x00009000 "\SystemRoot\System32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xa2cb4000 0x00005000 "\SystemRoot\System32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xa2cac000 0x00005000 "\SystemRoot\System32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xa2958000 0x00030000 "\SystemRoot\System32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xa2f34000 0x0000a000 "\SystemRoot\System32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba5c8000 0x00002000 "\SystemRoot\System32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xa28fa000 0x0005e000 "\SystemRoot\System32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xa98c1000 0x00004000 "\SystemRoot\System32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xa2f24000 0x0000f000 "\SystemRoot\System32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xba5d0000 0x00002000 "\SystemRoot\System32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xa2f14000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x96533000 0x00385000 "\SystemRoot\system32\drivers\RtHDMI.sys"
.\debug.cpp(256) : 0x960de000 0x00455000 "\SystemRoot\system32\drivers\RtkHDAud.sys"
.\debug.cpp(256) : 0xba5c0000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xa2ef4000 0x00009000 "\SystemRoot\system32\DRIVERS\DcCam.sys"
.\debug.cpp(256) : 0x960b9000 0x00025000 "\SystemRoot\system32\DRIVERS\EXPORTIT.SYS"
.\debug.cpp(256) : 0xba771000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xaa5eb000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xa2c8c000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xaa5e9000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xaa5e7000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xa2c84000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xa927e000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xba584000 0x00003000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0x96086000 0x00013000 "\SystemRoot\System32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0x9602d000 0x00059000 "\SystemRoot\System32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0x96005000 0x00028000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x95fdf000 0x00026000 "\SystemRoot\System32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xa9479000 0x00009000 "\SystemRoot\System32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x95fbd000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xa9328000 0x00009000 "\SystemRoot\System32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xa9286000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0x95f92000 0x0002b000 "\SystemRoot\System32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x95f22000 0x00070000 "\SystemRoot\System32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xa92f8000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xb3911000 0x00008000 "\??\C:\WINDOWS\system32\drivers\BS_I2cIo.sys"
.\debug.cpp(256) : 0xaa7db000 0x00004000 "\??\C:\WINDOWS\System32\drivers\BIOS.sys"
.\debug.cpp(256) : 0x95f06000 0x0001c000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xaa5db000 0x00002000 "\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xa92c8000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xa9266000 0x00007000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0xa925e000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xaa7bf000 0x00004000 "\SystemRoot\system32\DRIVERS\usbscan.sys"
.\debug.cpp(256) : 0xa923e000 0x00007000 "\SystemRoot\system32\DRIVERS\usbprint.sys"
.\debug.cpp(256) : 0xaa7c3000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xa92a8000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xa9028000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x95eee000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xa8f15000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xb5674000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba388000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba74e000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x0004e000 "\SystemRoot\System32\ati2dvag.dll"
.\debug.cpp(256) : 0xbf060000 0x000ab000 "\SystemRoot\System32\ati2cqag.dll"
.\debug.cpp(256) : 0xbf10b000 0x000a6000 "\SystemRoot\System32\atikvmag.dll"
.\debug.cpp(256) : 0xbf1b1000 0x00065000 "\SystemRoot\System32\atiok3x2.dll"
.\debug.cpp(256) : 0xbf216000 0x003b9000 "\SystemRoot\System32\ati3duag.dll"
.\debug.cpp(256) : 0xbf9c5000 0x0026c000 "\SystemRoot\System32\ativvaxx.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0x9296d000 0x00014000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0xba1e8000 0x0000a000 "\SystemRoot\system32\drivers\dcfs2k.sys"
.\debug.cpp(256) : 0xa42f4000 0x00004000 "\SystemRoot\System32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x926c0000 0x0002d000 "\SystemRoot\System32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xa9fde000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
.\debug.cpp(256) : 0xa3461000 0x00001000 "\??\C:\WINDOWS\system32\drivers\aslm75.sys"
.\debug.cpp(256) : 0xba430000 0x00005000 "\??\C:\Program Files\ASTRA32\ASTRA32.sys"
.\debug.cpp(256) : 0x9252d000 0x0007b000 "\??\C:\WINDOWS\system32\Drivers\CVPNDRV.sys"
.\debug.cpp(256) : 0x924c4000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xa8f3e000 0x00001000 "\SystemRoot\System32\Drivers\LBeepKE.sys"
.\debug.cpp(256) : 0x92354000 0x00058000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x92317000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0x925d8000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xa8ff0000 0x00006000 "\SystemRoot\System32\Drivers\TDTCP.SYS"
.\debug.cpp(256) : 0x91b4c000 0x00023000 "\SystemRoot\System32\Drivers\RDPWD.SYS"
.\debug.cpp(256) : 0x918d4000 0x00009000 "\??\C:\WINDOWS\system32\FsUsbExDisk.SYS"
.\debug.cpp(256) : 0x912e9000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_043d&Pid_0072#15K005000220219#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&396186f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_37001565&REV_00#3&267a616a&0&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_68B8&SUBSYS_200B1787&REV_00#4&92b7792&0&0010#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0B368CD6-E984-445F-98F6-5DB5B02A9359}"
.\debug.cpp(400) : Destination "\Device\{0B368CD6-E984-445F-98F6-5DB5B02A9359}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d42b52b0-f081-11de-958b-00e04db4fbfb}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#4&338acb6f&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination "\Device\00000076"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_23071565&REV_02#4&2ba546c5&0&0038#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{bf7162df-17ea-11dc-8ad8-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10EC0888&REV_1000#4&65973d1&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) : Destination "\Device\avgio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3EE1732E-E1EF-446E-AABC-1665BC6FE47B}"
.\debug.cpp(400) : Destination "\Device\{3EE1732E-E1EF-446E-AABC-1665BC6FE47B}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_4#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000054"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RAM_GH22LS30_______________1.03____#5&b3cc5de&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination "\Device\ProcessManagement"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C45A509F-B883-4EF3-839E-FCE10EEDF89C}"
.\debug.cpp(400) : Destination "\Device\{C45A509F-B883-4EF3-839E-FCE10EEDF89C}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination "\Device\ParallelVdm0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BS_I2cIo"
.\debug.cpp(400) : Destination "\Device\BS_I2cIo"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10EC0888&REV_1000#4&65973d1&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_043d&Pid_0072&MI_01#6&1c42c57c&2&0001#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
.\debug.cpp(400) : Destination "\Device\00000092"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature644E644EOffset7E00Length1FFFD58C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination "\Device\Serial0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) : Destination "\FileSystem\Filters\avgntflt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DNI_DNEMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Lbd"
.\debug.cpp(400) : Destination "\Device\Lbd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Usbscan0"
.\debug.cpp(400) : Destination "\Device\Usbscan0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10EC0888&REV_1000#4&65973d1&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{2963f391-116c-11de-a70f-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CmmqsMiniport"
.\debug.cpp(400) : Destination "\Device\CmmqsMiniport"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&29c19a03&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aslm75"
.\debug.cpp(400) : Destination "\Device\aslm75"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&608788a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FsUsbExDisk"
.\debug.cpp(400) : Destination "\Device\FsUsbExDisk"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000048"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BIOS"
.\debug.cpp(400) : Destination "\Device\BIOS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&109931a5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{93ee1f18-b65c-11dc-b29c-000ea60c1973}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DR2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device10"
.\debug.cpp(400) : Destination "\Device\Astra32Device10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d424e391-1165-11de-8720-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device11"
.\debug.cpp(400) : Destination "\Device\Astra32Device11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A8C32046-5642-459E-A600-33B948448F65}"
.\debug.cpp(400) : Destination "\Device\{A8C32046-5642-459E-A600-33B948448F65}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10EC0888&REV_1000#4&65973d1&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device12"
.\debug.cpp(400) : Destination "\Device\Astra32Device12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F03#4&338acb6f&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F03#4&338acb6f&0#{f117b9b3-6e65-11d2-a148-00001c2053de}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000057"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device13"
.\debug.cpp(400) : Destination "\Device\Astra32Device13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device14"
.\debug.cpp(400) : Destination "\Device\Astra32Device14"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device15"
.\debug.cpp(400) : Destination "\Device\Astra32Device15"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1A3CFCCD-F294-4FE3-8B7D-AB8D8F08C861}"
.\debug.cpp(400) : Destination "\Device\{1A3CFCCD-F294-4FE3-8B7D-AB8D8F08C861}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{249365E4-AEA1-457C-988D-54EA21AFA857}"
.\debug.cpp(400) : Destination "\Device\{249365E4-AEA1-457C-988D-54EA21AFA857}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device0"
.\debug.cpp(400) : Destination "\Device\Astra32Device0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&338acb6f&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000072"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4398&SUBSYS_37001565&REV_00#3&267a616a&0&99#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_043d&Pid_0072&MI_02#7&138084fd&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000095"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_043d&Pid_0072&MI_00#6&1c42c57c&2&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\00000091"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device1"
.\debug.cpp(400) : Destination "\Device\Astra32Device1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DACFS2k"
.\debug.cpp(400) : Destination "\DCFS2k"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DAIDCAM"
.\debug.cpp(400) : Destination "\Device\DAIDCAM"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device2"
.\debug.cpp(400) : Destination "\Device\Astra32Device2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) : Destination "\Device\ssmctl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002#5&1732c3ce&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\00000086"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4399&SUBSYS_37001565&REV_00#3&267a616a&0&A5#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device3"
.\debug.cpp(400) : Destination "\Device\Astra32Device3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&356f1c15&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&4d616ce&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DNI_DNEMP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RealTekCard"
.\debug.cpp(400) : Destination "\Device\RealTekCard"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device4"
.\debug.cpp(400) : Destination "\Device\Astra32Device4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4398&SUBSYS_37001565&REV_00#3&267a616a&0&91#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0006#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000047"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RAM_GH22LS30_______________1.03____#5&b3cc5de&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device5"
.\debug.cpp(400) : Destination "\Device\Astra32Device5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device6"
.\debug.cpp(400) : Destination "\Device\Astra32Device6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{60BFFD3D-FF46-4D1A-94D9-521DFDAB1FF3}"
.\debug.cpp(400) : Destination "\Device\{60BFFD3D-FF46-4D1A-94D9-521DFDAB1FF3}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device7"
.\debug.cpp(400) : Destination "\Device\Astra32Device7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{51D3263F-9BC5-45BA-8E0F-47AB6437C09B}"
.\debug.cpp(400) : Destination "\Device\{51D3263F-9BC5-45BA-8E0F-47AB6437C09B}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_4#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DNE"
.\debug.cpp(400) : Destination "\Device\DNE"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device8"
.\debug.cpp(400) : Destination "\Device\Astra32Device8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_37001565&REV_00#3&267a616a&0&90#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000040"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CVPNDRV"
.\debug.cpp(400) : Destination "\Device\CVPNDRV"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination "\Device\NamedPipe\Spooler\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device9"
.\debug.cpp(400) : Destination "\Device\Astra32Device9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Seagate&Prod_FreeAgentDesktop&Rev_100D#____________6RY1QS69&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000090"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&338acb6f&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000072"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DNEMAC"
.\debug.cpp(400) : Destination "\Device\DNE"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) : Destination "\Device\DmLoader"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_4#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000053"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureA4B57300Offset7E00Length3A388A8400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\L8042KBD"
.\debug.cpp(400) : Destination "\Device\L8042KBD"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RAM_GH22LS30_______________1.03____#5&b3cc5de&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10EC0888&REV_1000#4&65973d1&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NONSPOOLED_LPT1"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0bc2&Pid_3000#____________6RY1QS69#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST3160023A______________________________8.01____#4a34315345574e30202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP3T0L0-10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{06A465C1-DBA0-4FA7-8D24-52E85E912346}"
.\debug.cpp(400) : Destination "\Device\{06A465C1-DBA0-4FA7-8D24-52E85E912346}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) : Destination "\Device\avipbb"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\lmouke"
.\debug.cpp(400) : Destination "\Device\lmouke"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 149 GB \\.\PhysicalDrive0 Controlled by rootkit!
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1135) : Boot code on some of your physical disks is hidden by a rootkit.
.\boot_cleaner.cpp(1137) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1138) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1142) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1143) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1146) :
.\boot_cleaner.cpp(1151) : Done;

Bobbye · Nov 18, 2010

Open Notepad
Copy and paste the text in the codebox into Notepad:
Code:
@ECHO OFF
START 
remover.exe fix  \\.\PhysicalDrive0    
EXIT
Go File > Save As

Save as Type choose All Files

For File Name type fix.bat

Save In> choose Desktop

Save

Double click to Run fix.bat
(You may see a black box appear; this is normal.)

Run remover.exe again and post its output.

Do NOT reboot computer!

mjjamj · Nov 18, 2010

.\debug.cpp(238) : Debug log started at 19.11.2010 - 01:06:46
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020d000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e4000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0x8b747000 0x00003000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4bc000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f79000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\System32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f68000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba0b8000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000e000 "\WINDOWS\System32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\System32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0d8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f49000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xb9f23000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xba671000 0x00001000 "amdide.sys"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9f0b000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xba0f8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba108000 0x0000d000 "\WINDOWS\System32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9eeb000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb9ed9000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xba118000 0x0000f000 "Lbd.sys"
.\debug.cpp(256) : 0xb9ec2000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9eaf000 0x00013000 "WudfPf.sys"
.\debug.cpp(256) : 0xb9e22000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9df5000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xba338000 0x00005000 "nv_agp.sys"
.\debug.cpp(256) : 0xb9ddb000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba178000 0x0000d000 "\SystemRoot\system32\DRIVERS\AmdPPM.sys"
.\debug.cpp(256) : 0xb4abd000 0x00553000 "\SystemRoot\system32\DRIVERS\ati2mtag.sys"
.\debug.cpp(256) : 0xa19eb000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xa19c3000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xa19a9000 0x0001a000 "\SystemRoot\system32\DRIVERS\Rtenicxp.sys"
.\debug.cpp(256) : 0xa26ab000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xa269b000 0x00010000 "\SystemRoot\System32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xa268b000 0x0000f000 "\SystemRoot\System32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xa1986000 0x00023000 "\SystemRoot\System32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xa2802000 0x00006000 "\SystemRoot\System32\Drivers\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xa27fa000 0x00005000 "\SystemRoot\System32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0xa1962000 0x00024000 "\SystemRoot\System32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xa267b000 0x0000d000 "\SystemRoot\System32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xa2052000 0x00004000 "\SystemRoot\system32\DRIVERS\L8042Kbd.sys"
.\debug.cpp(256) : 0xa1a47000 0x00006000 "\SystemRoot\System32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xa266b000 0x0000e000 "\SystemRoot\system32\DRIVERS\L8042mou.Sys"
.\debug.cpp(256) : 0xa1950000 0x00012000 "\SystemRoot\system32\DRIVERS\LMouKE.Sys"
.\debug.cpp(256) : 0xa1a3f000 0x00006000 "\SystemRoot\System32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xa193c000 0x00014000 "\SystemRoot\System32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xa265b000 0x00010000 "\SystemRoot\System32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xa204e000 0x00004000 "\SystemRoot\System32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xb085e000 0x00003000 "\SystemRoot\System32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xa1922000 0x0001a000 "\SystemRoot\system32\DRIVERS\dne2000.sys"
.\debug.cpp(256) : 0xa264b000 0x00009000 "\SystemRoot\system32\drivers\povrtdev.sys"
.\debug.cpp(256) : 0xa18fe000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xa263b000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xa25a8000 0x00001000 "\SystemRoot\System32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xa262b000 0x0000d000 "\SystemRoot\System32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xb0856000 0x00003000 "\SystemRoot\System32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xa18e7000 0x00017000 "\SystemRoot\System32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xa261b000 0x0000b000 "\SystemRoot\System32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xa21c2000 0x0000c000 "\SystemRoot\System32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xa1a37000 0x00005000 "\SystemRoot\System32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xa18d6000 0x00011000 "\SystemRoot\System32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xa21b2000 0x00009000 "\SystemRoot\System32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xa1a2f000 0x00005000 "\SystemRoot\System32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xa1a27000 0x00005000 "\SystemRoot\System32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xa18a6000 0x00030000 "\SystemRoot\System32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xa21a2000 0x0000a000 "\SystemRoot\System32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba5f4000 0x00002000 "\SystemRoot\System32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xa1848000 0x0005e000 "\SystemRoot\System32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xacf91000 0x00004000 "\SystemRoot\System32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xa2192000 0x0000f000 "\SystemRoot\System32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xba5f8000 0x00002000 "\SystemRoot\System32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xa2182000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x95481000 0x00385000 "\SystemRoot\system32\drivers\RtHDMI.sys"
.\debug.cpp(256) : 0x9502c000 0x00455000 "\SystemRoot\system32\drivers\RtkHDAud.sys"
.\debug.cpp(256) : 0xa2447000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xa2132000 0x00009000 "\SystemRoot\system32\DRIVERS\DcCam.sys"
.\debug.cpp(256) : 0x95007000 0x00025000 "\SystemRoot\system32\DRIVERS\EXPORTIT.SYS"
.\debug.cpp(256) : 0xba6de000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xa2445000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xb00f3000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xa2443000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xa2441000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xb00eb000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xb00e3000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xba584000 0x00003000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0x94fd4000 0x00013000 "\SystemRoot\System32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0x94f7b000 0x00059000 "\SystemRoot\System32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0x94f53000 0x00028000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x94f2d000 0x00026000 "\SystemRoot\System32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xad013000 0x00009000 "\SystemRoot\System32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x94f0b000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xad003000 0x00009000 "\SystemRoot\System32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xacc09000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0x94ee0000 0x0002b000 "\SystemRoot\System32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x94e70000 0x00070000 "\SystemRoot\System32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xa9707000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xacc01000 0x00008000 "\??\C:\WINDOWS\system32\drivers\BS_I2cIo.sys"
.\debug.cpp(256) : 0xba59c000 0x00004000 "\??\C:\WINDOWS\System32\drivers\BIOS.sys"
.\debug.cpp(256) : 0x94e54000 0x0001c000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xa243b000 0x00002000 "\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xa96d7000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xacbe9000 0x00007000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0xacbe1000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xb9d93000 0x00004000 "\SystemRoot\system32\DRIVERS\usbscan.sys"
.\debug.cpp(256) : 0xacbd9000 0x00007000 "\SystemRoot\system32\DRIVERS\usbprint.sys"
.\debug.cpp(256) : 0xba54c000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xa96c7000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xacbd1000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x94e3c000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xba632000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xa2ce2000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba3a0000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba71a000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x0004e000 "\SystemRoot\System32\ati2dvag.dll"
.\debug.cpp(256) : 0xbf060000 0x000ab000 "\SystemRoot\System32\ati2cqag.dll"
.\debug.cpp(256) : 0xbf10b000 0x000a6000 "\SystemRoot\System32\atikvmag.dll"
.\debug.cpp(256) : 0xbf1b1000 0x00065000 "\SystemRoot\System32\atiok3x2.dll"
.\debug.cpp(256) : 0xbf216000 0x003b9000 "\SystemRoot\System32\ati3duag.dll"
.\debug.cpp(256) : 0xbf9c5000 0x0026c000 "\SystemRoot\System32\ativvaxx.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0x91cb5000 0x00014000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0xba208000 0x0000a000 "\SystemRoot\system32\drivers\dcfs2k.sys"
.\debug.cpp(256) : 0x91cad000 0x00004000 "\SystemRoot\System32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x919d0000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xb5020000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0x9179b000 0x0002d000 "\SystemRoot\System32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xa9066000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
.\debug.cpp(256) : 0xa24ad000 0x00001000 "\??\C:\WINDOWS\system32\drivers\aslm75.sys"
.\debug.cpp(256) : 0xba388000 0x00005000 "\??\C:\Program Files\ASTRA32\ASTRA32.sys"
.\debug.cpp(256) : 0x91338000 0x0007b000 "\??\C:\WINDOWS\system32\Drivers\CVPNDRV.sys"
.\debug.cpp(256) : 0x912f7000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xa9034000 0x00001000 "\SystemRoot\System32\Drivers\LBeepKE.sys"
.\debug.cpp(256) : 0x91227000 0x00058000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xba400000 0x00006000 "\SystemRoot\System32\Drivers\TDTCP.SYS"
.\debug.cpp(256) : 0x90cc9000 0x00023000 "\SystemRoot\System32\Drivers\RDPWD.SYS"
.\debug.cpp(256) : 0x90d14000 0x00009000 "\??\C:\WINDOWS\system32\FsUsbExDisk.SYS"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_043d&Pid_0072#15K005000220219#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&396186f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_37001565&REV_00#3&267a616a&0&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_68B8&SUBSYS_200B1787&REV_00#4&92b7792&0&0010#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0B368CD6-E984-445F-98F6-5DB5B02A9359}"
.\debug.cpp(400) : Destination "\Device\{0B368CD6-E984-445F-98F6-5DB5B02A9359}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000040"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{bf7162df-17ea-11dc-8ad8-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d42b52b0-f081-11de-958b-00e04db4fbfb}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#4&338acb6f&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination "\Device\00000077"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_23071565&REV_02#4&2ba546c5&0&0038#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10EC0888&REV_1000#4&65973d1&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) : Destination "\Device\avgio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3EE1732E-E1EF-446E-AABC-1665BC6FE47B}"
.\debug.cpp(400) : Destination "\Device\{3EE1732E-E1EF-446E-AABC-1665BC6FE47B}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_4#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000055"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RAM_GH22LS30_______________1.03____#5&b3cc5de&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination "\Device\ProcessManagement"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C45A509F-B883-4EF3-839E-FCE10EEDF89C}"
.\debug.cpp(400) : Destination "\Device\{C45A509F-B883-4EF3-839E-FCE10EEDF89C}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination "\Device\ParallelVdm0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BS_I2cIo"
.\debug.cpp(400) : Destination "\Device\BS_I2cIo"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10EC0888&REV_1000#4&65973d1&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_043d&Pid_0072&MI_01#6&1c42c57c&2&0001#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
.\debug.cpp(400) : Destination "\Device\00000093"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature644E644EOffset7E00Length1FFFD58C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination "\Device\Serial0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) : Destination "\FileSystem\Filters\avgntflt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DNI_DNEMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Lbd"
.\debug.cpp(400) : Destination "\Device\Lbd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Usbscan0"
.\debug.cpp(400) : Destination "\Device\Usbscan0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10EC0888&REV_1000#4&65973d1&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{2963f391-116c-11de-a70f-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CmmqsMiniport"
.\debug.cpp(400) : Destination "\Device\CmmqsMiniport"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&29c19a03&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aslm75"
.\debug.cpp(400) : Destination "\Device\aslm75"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&608788a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FsUsbExDisk"
.\debug.cpp(400) : Destination "\Device\FsUsbExDisk"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BIOS"
.\debug.cpp(400) : Destination "\Device\BIOS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&109931a5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{93ee1f18-b65c-11dc-b29c-000ea60c1973}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DR2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device10"
.\debug.cpp(400) : Destination "\Device\Astra32Device10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d424e391-1165-11de-8720-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device11"
.\debug.cpp(400) : Destination "\Device\Astra32Device11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A8C32046-5642-459E-A600-33B948448F65}"
.\debug.cpp(400) : Destination "\Device\{A8C32046-5642-459E-A600-33B948448F65}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device12"
.\debug.cpp(400) : Destination "\Device\Astra32Device12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10EC0888&REV_1000#4&65973d1&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F03#4&338acb6f&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000074"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F03#4&338acb6f&0#{f117b9b3-6e65-11d2-a148-00001c2053de}"
.\debug.cpp(400) : Destination "\Device\00000074"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device13"
.\debug.cpp(400) : Destination "\Device\Astra32Device13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device14"
.\debug.cpp(400) : Destination "\Device\Astra32Device14"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000059"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device15"
.\debug.cpp(400) : Destination "\Device\Astra32Device15"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1A3CFCCD-F294-4FE3-8B7D-AB8D8F08C861}"
.\debug.cpp(400) : Destination "\Device\{1A3CFCCD-F294-4FE3-8B7D-AB8D8F08C861}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{249365E4-AEA1-457C-988D-54EA21AFA857}"
.\debug.cpp(400) : Destination "\Device\{249365E4-AEA1-457C-988D-54EA21AFA857}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device0"
.\debug.cpp(400) : Destination "\Device\Astra32Device0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&338acb6f&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4398&SUBSYS_37001565&REV_00#3&267a616a&0&99#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_043d&Pid_0072&MI_02#7&138084fd&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000096"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_043d&Pid_0072&MI_00#6&1c42c57c&2&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\00000092"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device1"
.\debug.cpp(400) : Destination "\Device\Astra32Device1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DACFS2k"
.\debug.cpp(400) : Destination "\DCFS2k"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DAIDCAM"
.\debug.cpp(400) : Destination "\Device\DAIDCAM"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device2"
.\debug.cpp(400) : Destination "\Device\Astra32Device2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) : Destination "\Device\ssmctl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002#5&1732c3ce&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\00000087"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4399&SUBSYS_37001565&REV_00#3&267a616a&0&A5#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device3"
.\debug.cpp(400) : Destination "\Device\Astra32Device3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&356f1c15&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&4d616ce&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DNI_DNEMP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RealTekCard"
.\debug.cpp(400) : Destination "\Device\RealTekCard"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device4"
.\debug.cpp(400) : Destination "\Device\Astra32Device4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4398&SUBSYS_37001565&REV_00#3&267a616a&0&91#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0006#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000048"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RAM_GH22LS30_______________1.03____#5&b3cc5de&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device5"
.\debug.cpp(400) : Destination "\Device\Astra32Device5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device6"
.\debug.cpp(400) : Destination "\Device\Astra32Device6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{60BFFD3D-FF46-4D1A-94D9-521DFDAB1FF3}"
.\debug.cpp(400) : Destination "\Device\{60BFFD3D-FF46-4D1A-94D9-521DFDAB1FF3}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device7"
.\debug.cpp(400) : Destination "\Device\Astra32Device7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{51D3263F-9BC5-45BA-8E0F-47AB6437C09B}"
.\debug.cpp(400) : Destination "\Device\{51D3263F-9BC5-45BA-8E0F-47AB6437C09B}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_4#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000053"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DNE"
.\debug.cpp(400) : Destination "\Device\DNE"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device8"
.\debug.cpp(400) : Destination "\Device\Astra32Device8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_37001565&REV_00#3&267a616a&0&90#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CVPNDRV"
.\debug.cpp(400) : Destination "\Device\CVPNDRV"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination "\Device\NamedPipe\Spooler\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Astra32Device9"
.\debug.cpp(400) : Destination "\Device\Astra32Device9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Seagate&Prod_FreeAgentDesktop&Rev_100D#____________6RY1QS69&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000091"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&338acb6f&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DNEMAC"
.\debug.cpp(400) : Destination "\Device\DNE"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) : Destination "\Device\DmLoader"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_4#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000054"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureA4B57300Offset7E00Length3A388A8400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\L8042KBD"
.\debug.cpp(400) : Destination "\Device\L8042KBD"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RAM_GH22LS30_______________1.03____#5&b3cc5de&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10EC0888&REV_1000#4&65973d1&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NONSPOOLED_LPT1"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0bc2&Pid_3000#____________6RY1QS69#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST3160023A______________________________8.01____#4a34315345574e30202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP3T0L0-10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{06A465C1-DBA0-4FA7-8D24-52E85E912346}"
.\debug.cpp(400) : Destination "\Device\{06A465C1-DBA0-4FA7-8D24-52E85E912346}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) : Destination "\Device\avipbb"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\lmouke"
.\debug.cpp(400) : Destination "\Device\lmouke"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(793) : Restoring boot code at \\.\PhysicalDrive0...
.\boot_cleaner.cpp(880) : OK
.\boot_cleaner.cpp(1151) : Done;

mjjamj · Nov 20, 2010

Thanks for your help. You can close this. I ended up reinstalling everything, I couldn;t wait any longer to get this fixed.

Bobbye · Nov 20, 2010

No instant cures here! It's always an option for the member to reformat/reinstall. Thank you for letting me know.

FYI: For the future> Make the subject appropriate for the problem. Everyone who posts here needs help so making the subject 'please help' doesn't get noticed as quickly.

Was having a bunch of problems starting with getting BSOD on boot. Was able to get into Safe mode okay. Scanning revealed a slew of virus and crap that I was able to clean off.

When asking for help, words like bunch, BSOD on boot without the description, slew of virus and crap fail to give any accurate description to the problem you want help with.

TechSpot

[Resolved] Need help please

mjjamj Newcomer, in training

Bobbye Helper on the Fringe

mjjamj Newcomer, in training

Bobbye Helper on the Fringe

mjjamj Newcomer, in training

mjjamj Newcomer, in training

Bobbye Helper on the Fringe

mjjamj Newcomer, in training

mjjamj Newcomer, in training

mjjamj Newcomer, in training

mjjamj Newcomer, in training

Bobbye Helper on the Fringe

mjjamj Newcomer, in training

Bobbye Helper on the Fringe

mjjamj Newcomer, in training

Bobbye Helper on the Fringe

mjjamj Newcomer, in training

mjjamj Newcomer, in training

Bobbye Helper on the Fringe