TechSpot

Svchost.exe (Trojan.agent) Malwarebytes cannot remove/system crashing

Solved
By mmcook
Apr 12, 2012
  1. I fear I am in need of serious help. :( The symptoms began several days ago when my computer would seemingly randomly shut down. I have malwarebytes and ran it and it found some things, requiring reboot. But on re-scan the problems would reappear. Then malwarebytes itself crashed during a scan. My wife ran the Windows Malicious Software removal tool, which purported to find something, but then we became unable to boot the computer at all. Windows would not start. My wife did a system restore which did get the computer to reboot, but we appear to have lost several icons, the "programs" secton of the start menu is empty, and everything is running very slowly.

    Malwarebytes is still finding issues everytime we scan (it says svchost.exe (trojan.agent)). It requires a reboot, but after reboot the same problems are detected still requiring reboot. We are also now seemingly unable to update Malwarebytes itself, as we get an error message when we try.

    I am not good with computers and feel like our machine is on the verge of dying completely. Any help would be tremendously appreciated.


    I am posting the DDS logs as well as the most recent malwarebytes scan:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
    Run by mmcook at 18:46:21 on 2012-04-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.2096 [GMT -4:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: {058ebd97-84c5-452a-9433-c54a9896d2aa} - C:\Windows\SysWow64\wscui32.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [EPSON WorkForce 840 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGMA.EXE /FU "C:\Windows\TEMP\E_S14BC.tmp" /EF "HKCU"
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [cwcptray] C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [cpQeUCMUEXwA.exe] C:\ProgramData\cpQeUCMUEXwA.exe
    dRun: [AppsUpdate] C:\Users\mmcook\AppData\Local\Apps\AppsUpdate\Appsupdt32.exe
    StartupFolder: C:\Users\mmcook\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    LSP: C:\Windows\system32\cwalsp.dll
    LSP: mswsock.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{D372490F-985F-4182-88C3-716C25E2FDFD} : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    C:\Windows\SysWow64\wscui32.dll
    BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun-x64: [cwcptray] C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
    mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [cpQeUCMUEXwA.exe] C:\ProgramData\cpQeUCMUEXwA.exe
    IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\mmcook\AppData\Roaming\Mozilla\Firefox\Profiles\0zw9j5yw.default\
    FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
    FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
    FF - plugin: C:\Program Files (x86)\Roblox\Versions\version-ef80cfd9c83546fe\NPRobloxProxy.dll
    FF - plugin: C:\Program Files (x86)\Roblox\Versions\version-fa4cea1530284e83\NPRobloxProxy.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
    R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-14 98208]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 CwAltaService20;ContentWatch;C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe [2010-12-11 2100544]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-9-5 166400]
    R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-9-5 128512]
    R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-4-12 517632]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-12-4 2477304]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S4 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
    .
    =============== Created Last 30 ================
    .
    2012-04-12 03:55:23 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-04-12 03:55:23 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-04-12 03:55:23 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-04-12 03:55:23 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-04-12 03:55:23 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-04-12 03:55:23 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-04-12 03:55:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-04-12 02:36:06 20480 ----a-w- C:\Windows\svchost.exe
    2012-04-09 23:42:48 -------- d--h--w- C:\Program Files (x86)\Microsoft Security Client
    2012-04-09 23:42:35 -------- d--h--w- C:\Program Files\Microsoft Security Client
    2012-04-09 23:15:32 -------- d-----we C:\Windows\system64
    2012-03-14 12:06:31 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-14 12:06:30 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-14 12:06:30 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-14 07:17:24 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-14 07:17:23 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-14 07:17:23 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-14 07:16:14 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-14 07:16:14 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-03-14 07:16:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-14 07:16:13 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-14 07:16:12 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-14 07:16:12 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-14 07:16:12 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    .
    ==================== Find3M ====================
    .
    2012-04-04 19:56:40 24904 ---ha-w- C:\Windows\System32\drivers\mbam.sys
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2012-02-04 16:25:55 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 18:47:16.05 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/6/2009 11:34:20 AM
    System Uptime: 4/12/2012 6:33:32 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0T287N
    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | Socket 775 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 588 GiB total, 441.083 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP224: 3/27/2012 8:43:42 PM - Scheduled Checkpoint
    RP225: 4/4/2012 11:12:41 AM - Scheduled Checkpoint
    RP226: 4/7/2012 9:59:03 PM - Restore Operation
    RP227: 4/9/2012 7:28:10 PM - Removed Symantec Endpoint Protection.
    RP228: 4/9/2012 7:53:15 PM - Windows Update
    RP230: 4/9/2012 7:59:27 PM - Microsoft Antimalware Checkpoint
    RP231: 4/11/2012 11:55:01 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ABBYY FineReader 9.0 Sprint
    Adobe Acrobat 8 Professional
    Adobe Acrobat 8.1.4 Professional
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0.1
    Age of Mythology Gold
    Amazon Add to Wish List IE Extension 1.2
    Apple Application Support
    Apple Software Update
    ATT-PRT22
    Bing Bar
    Cisco Network Magic
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Compatibility Pack for the 2007 Office system
    D3DX10
    Darkspore™
    Dell Driver Download Manager
    Epson CreativeZone
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    EPSON Scan
    GoToAssist 8.0.0.514
    Intellex Player
    Java Auto Updater
    Java(TM) 6 Update 27
    Junk Mail filter update
    LiveUpdate 3.3 (Symantec Corporation)
    Magic Online
    Magic Set Editor 2.0.0
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox 5.0 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    Musicnotes Software Suite 1.5.5
    Net Nanny Parental Controls 6.0
    Network Magic
    Philips Retractable PC Controller
    Portal 2
    PowerDVD DX
    Pure Networks Platform
    QuickTime
    Realtek High Definition Audio Driver
    Roblox
    Roxio Burn
    Roxio Update Manager
    Seagate Manager Installer
    SeaTools for Windows
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    SPORE™
    SPORE™ Creepy & Cute Parts Pack
    SPORE™ Galactic Adventures
    Star Wars Battlefront II
    Steam
    System Requirements Lab
    TypingMaster Pro
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    World of Warcraft
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/9/2012 7:56:49 PM, Error: Microsoft Antimalware [3002] -
    4/9/2012 7:33:10 PM, Error: SRTSPL [11] - Unable to allocate open file data.
    4/9/2012 7:33:10 PM, Error: Service Control Manager [7000] - The SRTSPL service failed to start due to the following error: A device attached to the system is not functioning.
    4/9/2012 7:33:10 PM, Error: Service Control Manager [7000] - The SRTSP service failed to start due to the following error: A device attached to the system is not functioning.
    4/9/2012 6:16:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    4/9/2012 6:15:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    4/9/2012 6:14:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    4/9/2012 6:12:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    4/9/2012 6:12:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    4/9/2012 6:11:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    4/9/2012 6:11:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    4/9/2012 6:11:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    4/9/2012 6:11:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/9/2012 6:11:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    4/9/2012 6:10:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002fc6b05). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040912-52541-01.
    4/9/2012 6:10:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm DfsC discache eeCtrl NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX tdx Wanarpv6 WfpLwf ws2ifsl
    4/9/2012 6:10:46 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/9/2012 6:10:46 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/9/2012 6:10:46 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/9/2012 6:10:46 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/9/2012 6:10:46 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/9/2012 6:10:46 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    4/9/2012 6:10:42 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/9/2012 6:10:42 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    4/9/2012 6:10:42 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/9/2012 6:10:42 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/9/2012 10:29:47 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    4/8/2012 9:43:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e6832f, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040812-36410-01.
    4/8/2012 11:35:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e6432f, 0x0000000000000000, 0x000000007ef90000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040812-74942-01.
    4/8/2012 10:17:42 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc400098b8, 0xffffffffc000000e, 0x0000000067821860, 0xfffff88001317c08). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040812-37705-01.
    4/7/2012 9:05:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000002000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002eb6045). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040712-59514-01.
    4/7/2012 8:43:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002eca0ea, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040712-29905-01.
    4/7/2012 8:39:23 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
    4/7/2012 8:39:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    4/7/2012 8:39:19 PM, Error: Service Control Manager [7022] - The SSDP Discovery service hung on starting.
    4/7/2012 8:39:19 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    4/7/2012 8:35:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    4/7/2012 8:35:38 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/7/2012 8:35:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    4/7/2012 8:33:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ContentWatch service to connect.
    4/7/2012 8:33:27 PM, Error: Service Control Manager [7000] - The ContentWatch service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/7/2012 8:32:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc40009918, 0xffffffffc000000e, 0x000000001448b860, 0xfffff88001323c08). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040712-63196-01.
    4/7/2012 11:13:48 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    4/7/2012 11:13:48 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    4/7/2012 10:00:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e6232f, 0x0000000000000000, 0x000000007ef90000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040712-31200-01.
    4/12/2012 6:37:32 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
    4/12/2012 6:37:32 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
    4/12/2012 6:37:31 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
    4/12/2012 6:37:30 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    4/12/2012 6:37:23 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
    4/12/2012 6:35:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
    4/12/2012 6:35:48 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    4/12/2012 6:35:47 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    4/12/2012 6:35:46 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    4/12/2012 6:34:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Symantec Management Client service to connect.
    4/12/2012 6:34:09 PM, Error: Service Control Manager [7000] - The Symantec Management Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/12/2012 6:33:39 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
    4/12/2012 6:33:39 PM, Error: SRTSP [4] - Error loading virus definitions.
    4/11/2012 6:26:10 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    4/11/2012 11:57:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).
    4/11/2012 10:33:43 PM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    .
    ==== End Of File ===========================


    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.10.11

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    mmcook :: COOK-HOME [administrator]

    4/11/2012 9:28:46 PM
    mbam-log-2012-04-11 (21-28-46).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 513046
    Time elapsed: 1 hour(s), 4 minute(s), 34 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 1296 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
     
  2. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    I still need GMER log.

    Then....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ====================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  3. mmcook

    mmcook TS Rookie Topic Starter Posts: 75

    Thank you so much for your quick reply.

    gmer log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-13 00:18:29
    Windows 6.1.7601 Service Pack 1
    Running: 52gx3x13.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001cd822054e
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001cd822054e (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1WL4SGVM.txt 612 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Z06ISH1H.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\IUNLKO0Z.txt 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  4. mmcook

    mmcook TS Rookie Topic Starter Posts: 75

    aswMBR:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-13 00:22:08
    -----------------------------
    00:22:08.649 OS Version: Windows x64 6.1.7601 Service Pack 1
    00:22:08.649 Number of processors: 2 586 0x170A
    00:22:08.649 ComputerName: COOK-HOME UserName: mmcook
    00:22:10.479 Initialize success
    00:25:04.964 AVAST engine defs: 12041201
    00:25:21.186 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    00:25:21.186 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
    00:25:21.186 Device \Driver\atapi -> MajorFunction fffffa8004fd85c4
    00:25:21.196 Disk 0 MBR read successfully
    00:25:21.196 Disk 0 MBR scan
    00:25:21.196 Disk 0 MBR:Alureon-M [Rtk]
    00:25:21.206 Disk 0 TDL4@MBR code has been found
    00:25:21.206 Disk 0 Windows 7 default MBR code found via API
    00:25:21.206 Disk 0 MBR hidden
    00:25:21.216 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
    00:25:21.226 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 7918 MB offset 112640
    00:25:21.236 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 602506 MB offset 16328704
    00:25:21.246 Disk 0 MBR [TDL4] **ROOTKIT**
    00:25:21.596 Disk 0 trace - called modules:
    00:25:21.606 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004fd85c4]<<
    00:25:21.606 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048e76a0]
    00:25:21.616 3 CLASSPNP.SYS[fffff8800194843f] -> nt!IofCallDriver -> [0xfffffa800448e580]
    00:25:21.626 5 ACPI.sys[fffff88000fae7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004794060]
    00:25:21.626 \Driver\atapi[0xfffffa8004ef8e70] -> IRP_MJ_CREATE -> 0xfffffa8004fd85c4
    00:25:23.096 AVAST engine scan C:\Windows
    00:25:25.897 AVAST engine scan C:\Windows\system32
    00:25:34.959 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
    00:27:03.797 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
    00:27:05.748 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
    00:27:56.487 AVAST engine scan C:\Windows\system32\drivers
    00:28:08.910 AVAST engine scan C:\Users\mmcook
    00:30:01.707 File: C:\Users\mmcook\AppData\Local\Temp\w7e1145.tmp.exe **INFECTED** Win32:Malware-gen
    00:31:25.749 File: C:\Users\mmcook\AppData\Roaming\Obfo\doenqia.exe **INFECTED** Win32:Dropper-KOS [Drp]
    00:33:57.340 AVAST engine scan C:\ProgramData
    00:35:45.042 File: C:\ProgramData\NaDwLaiRnW.exe **INFECTED** Win32:Dropper-KPJ [Trj]
    00:36:55.294 Scan finished successfully
    00:41:35.876 Disk 0 MBR has been saved successfully to "C:\Users\mmcook\Documents\MBR.dat"
    00:41:35.876 The log file has been saved successfully to "C:\Users\mmcook\Documents\aswMBR.txt"
     
  5. mmcook

    mmcook TS Rookie Topic Starter Posts: 75

    I had some trouble running the Bootkit remover. I never found an option to run quite the way you described. I had to "extract" some compressed files, and it said it ran, but then I couldn't save the data on the black screen as you were requesting. When I tried to save it, it seemed to save a copy of my previous posts to this thread instead. I saw a file labeled bootkit remover debug log, however, so I'm pasting that in the hope it will possibly be what you need.

    Part 1:

    .\debug.cpp(238) : Debug log started at 13.04.2012 - 04:54:22
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601), 64-bit
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x02e0b000 0x005e8000 "\SystemRoot\system32\ntoskrnl.exe"
    .\debug.cpp(256) : 0x033f3000 0x00049000 "\SystemRoot\system32\hal.dll"
    .\debug.cpp(256) : 0x00bb5000 0x00003000 "\SystemRoot\system32\kdcom.dll"
    .\debug.cpp(256) : 0x00c11000 0x0004f000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
    .\debug.cpp(256) : 0x00c60000 0x00014000 "\SystemRoot\system32\PSHED.dll"
    .\debug.cpp(256) : 0x00c74000 0x0005e000 "\SystemRoot\system32\CLFS.SYS"
    .\debug.cpp(256) : 0x00cd2000 0x000c0000 "\SystemRoot\system32\CI.dll"
    .\debug.cpp(256) : 0x00ef0000 0x000a4000 "\SystemRoot\system32\drivers\Wdf01000.sys"
    .\debug.cpp(256) : 0x00f94000 0x0000f000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
    .\debug.cpp(256) : 0x00fa3000 0x00057000 "\SystemRoot\system32\drivers\ACPI.sys"
    .\debug.cpp(256) : 0x00e00000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
    .\debug.cpp(256) : 0x00e09000 0x0000a000 "\SystemRoot\system32\drivers\msisadrv.sys"
    .\debug.cpp(256) : 0x00e13000 0x00033000 "\SystemRoot\system32\drivers\pci.sys"
    .\debug.cpp(256) : 0x00e46000 0x0000d000 "\SystemRoot\system32\drivers\vdrvroot.sys"
    .\debug.cpp(256) : 0x00e53000 0x00015000 "\SystemRoot\System32\drivers\partmgr.sys"
    .\debug.cpp(256) : 0x00e68000 0x00015000 "\SystemRoot\system32\drivers\volmgr.sys"
    .\debug.cpp(256) : 0x00e7d000 0x0005c000 "\SystemRoot\System32\drivers\volmgrx.sys"
    .\debug.cpp(256) : 0x00ed9000 0x00007000 "\SystemRoot\system32\drivers\pciide.sys"
    .\debug.cpp(256) : 0x00ee0000 0x00010000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
    .\debug.cpp(256) : 0x00d92000 0x0001a000 "\SystemRoot\System32\drivers\mountmgr.sys"
    .\debug.cpp(256) : 0x00dac000 0x00009000 "\SystemRoot\system32\drivers\atapi.sys"
    .\debug.cpp(256) : 0x00db5000 0x0002a000 "\SystemRoot\system32\drivers\ataport.SYS"
    .\debug.cpp(256) : 0x00ddf000 0x0000b000 "\SystemRoot\system32\drivers\amdxata.sys"
    .\debug.cpp(256) : 0x010bc000 0x0004c000 "\SystemRoot\system32\drivers\fltmgr.sys"
    .\debug.cpp(256) : 0x01108000 0x00014000 "\SystemRoot\system32\drivers\fileinfo.sys"
    .\debug.cpp(256) : 0x0111c000 0x0000c000 "\SystemRoot\System32\Drivers\PxHlpa64.sys"
    .\debug.cpp(256) : 0x01212000 0x001a3000 "\SystemRoot\System32\Drivers\Ntfs.sys"
    .\debug.cpp(256) : 0x01128000 0x0005e000 "\SystemRoot\System32\Drivers\msrpc.sys"
    .\debug.cpp(256) : 0x013b5000 0x0001b000 "\SystemRoot\System32\Drivers\ksecdd.sys"
    .\debug.cpp(256) : 0x01186000 0x00072000 "\SystemRoot\System32\Drivers\cng.sys"
    .\debug.cpp(256) : 0x013d0000 0x00011000 "\SystemRoot\System32\drivers\pcw.sys"
    .\debug.cpp(256) : 0x013e1000 0x0000a000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
    .\debug.cpp(256) : 0x01485000 0x000f3000 "\SystemRoot\system32\drivers\ndis.sys"
    .\debug.cpp(256) : 0x01578000 0x00060000 "\SystemRoot\system32\drivers\NETIO.SYS"
    .\debug.cpp(256) : 0x01400000 0x0002b000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
    .\debug.cpp(256) : 0x01600000 0x00204000 "\SystemRoot\System32\drivers\tcpip.sys"
    .\debug.cpp(256) : 0x01804000 0x0004a000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
    .\debug.cpp(256) : 0x0184e000 0x0004c000 "\SystemRoot\system32\drivers\volsnap.sys"
    .\debug.cpp(256) : 0x0189a000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
    .\debug.cpp(256) : 0x018a2000 0x0003a000 "\SystemRoot\System32\drivers\rdyboost.sys"
    .\debug.cpp(256) : 0x018dc000 0x00012000 "\SystemRoot\System32\Drivers\mup.sys"
    .\debug.cpp(256) : 0x018ee000 0x00009000 "\SystemRoot\System32\drivers\hwpolicy.sys"
    .\debug.cpp(256) : 0x018f7000 0x0003a000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
    .\debug.cpp(256) : 0x01931000 0x00016000 "\SystemRoot\system32\DRIVERS\disk.sys"
    .\debug.cpp(256) : 0x01947000 0x00030000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
    .\debug.cpp(256) : 0x019ad000 0x0002a000 "\SystemRoot\system32\drivers\cdrom.sys"
    .\debug.cpp(256) : 0x019d7000 0x00009000 "\SystemRoot\System32\Drivers\Null.SYS"
    .\debug.cpp(256) : 0x019e0000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
    .\debug.cpp(256) : 0x019e7000 0x0000e000 "\SystemRoot\System32\drivers\vga.sys"
    .\debug.cpp(256) : 0x0142b000 0x00025000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
    .\debug.cpp(256) : 0x01450000 0x00010000 "\SystemRoot\System32\drivers\watchdog.sys"
    .\debug.cpp(256) : 0x019f5000 0x00009000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
    .\debug.cpp(256) : 0x01460000 0x00009000 "\SystemRoot\system32\drivers\rdpencdd.sys"
    .\debug.cpp(256) : 0x01469000 0x00009000 "\SystemRoot\system32\drivers\rdprefmp.sys"
    .\debug.cpp(256) : 0x01472000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
    .\debug.cpp(256) : 0x015d8000 0x00011000 "\SystemRoot\System32\Drivers\Npfs.SYS"
    .\debug.cpp(256) : 0x01074000 0x00022000 "\SystemRoot\system32\DRIVERS\tdx.sys"
    .\debug.cpp(256) : 0x015e9000 0x0000d000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
    .\debug.cpp(256) : 0x02c8d000 0x00089000 "\SystemRoot\system32\drivers\afd.sys"
    .\debug.cpp(256) : 0x02d16000 0x00045000 "\SystemRoot\System32\DRIVERS\netbt.sys"
    .\debug.cpp(256) : 0x02d5b000 0x0000b000 "\SystemRoot\system32\drivers\ws2ifsl.sys"
    .\debug.cpp(256) : 0x02d66000 0x00009000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
    .\debug.cpp(256) : 0x02d6f000 0x00026000 "\SystemRoot\system32\DRIVERS\pacer.sys"
    .\debug.cpp(256) : 0x02d95000 0x0000f000 "\SystemRoot\system32\DRIVERS\netbios.sys"
    .\debug.cpp(256) : 0x02da4000 0x0001b000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
    .\debug.cpp(256) : 0x02dbf000 0x00014000 "\SystemRoot\system32\drivers\termdd.sys"
    .\debug.cpp(256) : 0x02dd3000 0x00014000 "\SystemRoot\System32\Drivers\SRTSPX64.SYS"
    .\debug.cpp(256) : 0x02c00000 0x00051000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
    .\debug.cpp(256) : 0x02c51000 0x0000c000 "\SystemRoot\system32\drivers\nsiproxy.sys"
    .\debug.cpp(256) : 0x02c5d000 0x0000b000 "\SystemRoot\system32\drivers\mssmbios.sys"
    .\debug.cpp(256) : 0x03af1000 0x00079000 "\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys"
    .\debug.cpp(256) : 0x03b6a000 0x0000f000 "\SystemRoot\System32\drivers\discache.sys"
    .\debug.cpp(256) : 0x03b79000 0x0001e000 "\SystemRoot\System32\Drivers\dfsc.sys"
    .\debug.cpp(256) : 0x03b97000 0x0001b000 "\SystemRoot\system32\DRIVERS\ctxusbm.sys"
    .\debug.cpp(256) : 0x03bb2000 0x00011000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
    .\debug.cpp(256) : 0x03bc3000 0x00026000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
    .\debug.cpp(256) : 0x03be9000 0x00016000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
    .\debug.cpp(256) : 0x04010000 0x005e5000 "\SystemRoot\system32\DRIVERS\igdkmd64.sys"
    .\debug.cpp(256) : 0x04893000 0x000f4000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
    .\debug.cpp(256) : 0x04987000 0x00046000 "\SystemRoot\System32\drivers\dxgmms1.sys"
    .\debug.cpp(256) : 0x049cd000 0x0000d000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
    .\debug.cpp(256) : 0x04800000 0x00056000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
    .\debug.cpp(256) : 0x04856000 0x00011000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
    .\debug.cpp(256) : 0x04867000 0x00024000 "\SystemRoot\system32\drivers\HDAudBus.sys"
    .\debug.cpp(256) : 0x03a00000 0x00085000 "\SystemRoot\system32\DRIVERS\Rt64win7.sys"
    .\debug.cpp(256) : 0x049da000 0x0000d000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
    .\debug.cpp(256) : 0x049e7000 0x00010000 "\SystemRoot\system32\drivers\CompositeBus.sys"
    .\debug.cpp(256) : 0x03a85000 0x00016000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
    .\debug.cpp(256) : 0x03a9b000 0x00024000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
    .\debug.cpp(256) : 0x04000000 0x0000c000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
    .\debug.cpp(256) : 0x03abf000 0x0002f000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
    .\debug.cpp(256) : 0x02c68000 0x0001b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
    .\debug.cpp(256) : 0x01096000 0x00021000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
    .\debug.cpp(256) : 0x01000000 0x0001a000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
    .\debug.cpp(256) : 0x02de7000 0x0000f000 "\SystemRoot\system32\drivers\kbdclass.sys"
    .\debug.cpp(256) : 0x013eb000 0x0000f000 "\SystemRoot\system32\drivers\mouclass.sys"
    .\debug.cpp(256) : 0x049f7000 0x00002000 "\SystemRoot\system32\drivers\swenum.sys"
    .\debug.cpp(256) : 0x0101a000 0x00043000 "\SystemRoot\system32\drivers\ks.sys"
    .\debug.cpp(256) : 0x01200000 0x00012000 "\SystemRoot\system32\drivers\umbus.sys"
    .\debug.cpp(256) : 0x03cb0000 0x0005a000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
    .\debug.cpp(256) : 0x03d0a000 0x00015000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
    .\debug.cpp(256) : 0x05c4d000 0x0026a000 "\SystemRoot\system32\drivers\RTKVHD64.sys"
    .\debug.cpp(256) : 0x05eb7000 0x0003d000 "\SystemRoot\system32\drivers\portcls.sys"
    .\debug.cpp(256) : 0x05ef4000 0x00022000 "\SystemRoot\system32\drivers\drmk.sys"
    .\debug.cpp(256) : 0x05f16000 0x00006000 "\SystemRoot\system32\drivers\ksthunk.sys"
    .\debug.cpp(256) : 0x000c0000 0x00315000 "\SystemRoot\System32\win32k.sys"
    .\debug.cpp(256) : 0x05f1c000 0x0000c000 "\SystemRoot\System32\drivers\Dxapi.sys"
    .\debug.cpp(256) : 0x05f28000 0x0000e000 "\SystemRoot\System32\Drivers\crashdmp.sys"
    .\debug.cpp(256) : 0x05f36000 0x0000c000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
    .\debug.cpp(256) : 0x05f42000 0x00009000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
    .\debug.cpp(256) : 0x05f4b000 0x00013000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
    .\debug.cpp(256) : 0x05f5e000 0x0001d000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
    .\debug.cpp(256) : 0x05f7b000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
    .\debug.cpp(256) : 0x05f7d000 0x0000e000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
    .\debug.cpp(256) : 0x05f8b000 0x00019000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
    .\debug.cpp(256) : 0x05fa4000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
    .\debug.cpp(256) : 0x05fad000 0x0000e000 "\SystemRoot\system32\drivers\kbdhid.sys"
    .\debug.cpp(256) : 0x05fbb000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
    .\debug.cpp(256) : 0x05fc8000 0x0001b000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
    .\debug.cpp(256) : 0x05fe3000 0x00011000 "\SystemRoot\system32\DRIVERS\usbscan.sys"
    .\debug.cpp(256) : 0x05ff4000 0x0000c000 "\SystemRoot\system32\DRIVERS\usbprint.sys"
    .\debug.cpp(256) : 0x05c00000 0x0000e000 "\SystemRoot\system32\DRIVERS\monitor.sys"
    .\debug.cpp(256) : 0x005b0000 0x0000a000 "\SystemRoot\System32\TSDDD.dll"
    .\debug.cpp(256) : 0x007c0000 0x00027000 "\SystemRoot\System32\cdd.dll"
    .\debug.cpp(256) : 0x05c0e000 0x00023000 "\SystemRoot\system32\drivers\luafv.sys"
    .\debug.cpp(256) : 0x03d1f000 0x00021000 "\SystemRoot\system32\drivers\WudfPf.sys"
    .\debug.cpp(256) : 0x05c31000 0x00015000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
    .\debug.cpp(256) : 0x03d40000 0x0000c000 "\SystemRoot\system32\DRIVERS\pnarp.sys"
    .\debug.cpp(256) : 0x03d4c000 0x0000c000 "\SystemRoot\system32\DRIVERS\purendis.sys"
    .\debug.cpp(256) : 0x03d58000 0x00018000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
    .\debug.cpp(256) : 0x024d5000 0x000c9000 "\SystemRoot\system32\drivers\HTTP.sys"
    .\debug.cpp(256) : 0x0259e000 0x00031000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
    .\debug.cpp(256) : 0x025cf000 0x0001e000 "\SystemRoot\system32\DRIVERS\bowser.sys"
    .\debug.cpp(256) : 0x02400000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
    .\debug.cpp(256) : 0x0242d000 0x0004e000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
    .\debug.cpp(256) : 0x0247b000 0x00024000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
    .\debug.cpp(256) : 0x03d70000 0x00069000 "\SystemRoot\System32\DRIVERS\srv2.sys"
    .\debug.cpp(256) : 0x03c00000 0x00098000 "\SystemRoot\System32\DRIVERS\srv.sys"
    .\debug.cpp(256) : 0x02a31000 0x000a6000 "\SystemRoot\system32\drivers\peauth.sys"
    .\debug.cpp(256) : 0x02ad7000 0x0000b000 "\SystemRoot\System32\Drivers\secdrv.SYS"
    .\debug.cpp(256) : 0x02ae2000 0x00012000 "\SystemRoot\System32\drivers\tcpipreg.sys"
    .\debug.cpp(256) : 0x02af4000 0x00031000 "\SystemRoot\system32\DRIVERS\WUDFRd.sys"
    .\debug.cpp(256) : 0x02b25000 0x00036000 "\SystemRoot\System32\Drivers\fastfat.SYS"
    .\debug.cpp(256) : 0x02bcc000 0x0000f000 "\??\C:\Users\mmcook\AppData\Local\Temp\aswMBR.sys"
    .\debug.cpp(256) : 0x76f50000 0x001a9000 "\Windows\System32\ntdll.dll"
    .\debug.cpp(256) : 0x47ba0000 0x00020000 "\Windows\System32\smss.exe"
    .\debug.cpp(256) : 0xff270000 0x00050000 "\Windows\System32\apisetschema.dll"
    .\debug.cpp(256) : 0xff380000 0x000c1000 "\Windows\System32\autochk.exe"
    .\debug.cpp(256) : 0xff050000 0x00203000 "\Windows\System32\ole32.dll"
    .\debug.cpp(256) : 0x76df0000 0x0015a000 "\Windows\System32\wininet.dll"
    .\debug.cpp(256) : 0xff030000 0x0001f000 "\Windows\System32\sechost.dll"
    .\debug.cpp(256) : 0xff000000 0x0002e000 "\Windows\System32\imm32.dll"
    .\debug.cpp(256) : 0xfeff0000 0x0000e000 "\Windows\System32\lpk.dll"
    .\debug.cpp(256) : 0xfef70000 0x00080000 "\Windows\System32\difxapi.dll"
    .\debug.cpp(256) : 0xfef60000 0x00008000 "\Windows\System32\nsi.dll"
    .\debug.cpp(256) : 0xfee80000 0x000db000 "\Windows\System32\advapi32.dll"
    .\debug.cpp(256) : 0xfee00000 0x00071000 "\Windows\System32\shlwapi.dll"
    .\debug.cpp(256) : 0xfeda0000 0x00052000 "\Windows\System32\Wldap32.dll"
    .\debug.cpp(256) : 0xfecc0000 0x000d7000 "\Windows\System32\oleaut32.dll"
    .\debug.cpp(256) : 0x76be0000 0x0020f000 "\Windows\System32\iertutil.dll"
    .\debug.cpp(256) : 0xfec20000 0x00099000 "\Windows\System32\clbcatq.dll"
    .\debug.cpp(256) : 0xfde90000 0x00d88000 "\Windows\System32\shell32.dll"
    .\debug.cpp(256) : 0xfde20000 0x00067000 "\Windows\System32\gdi32.dll"
    .\debug.cpp(256) : 0xfdcf0000 0x0012d000 "\Windows\System32\rpcrt4.dll"
    .\debug.cpp(256) : 0xfdc50000 0x00097000 "\Windows\System32\comdlg32.dll"
    .\debug.cpp(256) : 0x77120000 0x00003000 "\Windows\System32\normaliz.dll"
    .\debug.cpp(256) : 0x77110000 0x00007000 "\Windows\System32\psapi.dll"
    .\debug.cpp(256) : 0x76a90000 0x0014d000 "\Windows\System32\urlmon.dll"
    .\debug.cpp(256) : 0xfdc30000 0x00019000 "\Windows\System32\imagehlp.dll"
    .\debug.cpp(256) : 0xfdb20000 0x00109000 "\Windows\System32\msctf.dll"
    .\debug.cpp(256) : 0xfda50000 0x000c9000 "\Windows\System32\usp10.dll"
    .\debug.cpp(256) : 0xfd9b0000 0x0009f000 "\Windows\System32\msvcrt.dll"
    .\debug.cpp(256) : 0xfd7d0000 0x001d7000 "\Windows\System32\setupapi.dll"
    .\debug.cpp(256) : 0x76990000 0x000fa000 "\Windows\System32\user32.dll"
    .\debug.cpp(256) : 0xfd780000 0x0004d000 "\Windows\System32\ws2_32.dll"
    .\debug.cpp(256) : 0x76870000 0x0011f000 "\Windows\System32\kernel32.dll"
    .\debug.cpp(256) : 0xfd710000 0x0006c000 "\Windows\System32\KernelBase.dll"
    .\debug.cpp(256) : 0xfd5a0000 0x00167000 "\Windows\System32\crypt32.dll"
    .\debug.cpp(256) : 0xfd560000 0x0003a000 "\Windows\System32\wintrust.dll"
    .\debug.cpp(256) : 0xfd520000 0x00036000 "\Windows\System32\cfgmgr32.dll"
    .\debug.cpp(256) : 0xfd480000 0x000a0000 "\Windows\System32\comctl32.dll"
    .\debug.cpp(256) : 0xfd460000 0x0001a000 "\Windows\System32\devobj.dll"
    .\debug.cpp(256) : 0xfd450000 0x0000f000 "\Windows\System32\msasn1.dll"
    .\debug.cpp(256) : 0x760a0000 0x00003000 "\Windows\SysWOW64\normaliz.dll"
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
    .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
    .\debug.cpp(400) : Destination "\Device\00000047"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
    .\debug.cpp(400) : Destination "\Device\Video4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A7F6A226-F99C-4A4F-B516-E9E118155679}"
    .\debug.cpp(400) : Destination "\Device\NDMP6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{e2b649c1-d958-11de-9bda-806e6f6e6963}#00000001F2500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
    .\debug.cpp(400) : Destination "\Device\Video0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
    .\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C509&MI_00#7&29d951de&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000006b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C509&MI_01&Col03#7&602141c&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000006e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626420&1##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
    .\debug.cpp(400) : Destination "\Device\00000081"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
    .\debug.cpp(400) : Destination "\Device\Harddisk1\DR1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e2b649d8-d958-11de-9bda-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000004"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000042"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_23_-_Pentium(R)_Dual-Core__CPU______E5300__@_2.60GHz#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\0000004a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-467093d0-eca7-47f9-a836-0d589799d01a"
    .\debug.cpp(400) : Destination "\Device\HostProcess-467093d0-eca7-47f9-a836-0d589799d01a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
    .\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"
    .\debug.cpp(400) : Destination "\Device\Harddisk2\DR2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PnArp"
    .\debug.cpp(400) : Destination "\Device\PnArp"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e2b649d9-d958-11de-9bda-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-H653G_______________DW10____#5&33e93e06&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
    .\debug.cpp(400) : Destination "\Device\Psched"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_058F&PID_6362#058F63626420#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-10"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000044"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic-&Prod_SD#MMC&Rev_1.00#058F63626420&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000071"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive3"
    .\debug.cpp(400) : Destination "\Device\Harddisk3\DR3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CtxUsbMonitor"
    .\debug.cpp(400) : Destination "\Device\CtxUsbMonitor"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2937&SUBSYS_02E01028&REV_02#3&2411e6fe&1&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
    .\debug.cpp(400) : Destination "\Device\AscKmd"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626420&3##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
    .\debug.cpp(400) : Destination "\Device\00000082"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive4"
    .\debug.cpp(400) : Destination "\Device\Harddisk4\DR4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&339b85d4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&190a0c5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-8a281bdd-84ef-11e1-926e-0024e826b410"
    .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-8a281bdd-84ef-11e1-926e-0024e826b410"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-8a281be6-84ef-11e1-926e-0024e826b410"
    .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-8a281be6-84ef-11e1-926e-0024e826b410"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive5"
    .\debug.cpp(400) : Destination "\Device\Harddisk5\DR5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C509&MI_01&Col01#7&602141c&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000006c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\0000007e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E43D242B-9EAB-4626-A952-46649FBB939A}"
    .\debug.cpp(400) : Destination "\Device\NDMP7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic-&Prod_Compact_Flash&Rev_1.01#058F63626420&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000072"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic-&Prod_Compact_Flash&Rev_1.01#058F63626420&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
    .\debug.cpp(400) : Destination "\Device\AgileVPN"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
    .\debug.cpp(400) : Destination "\Device\USBFDO-5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_102802E0&REV_1000#4&32634e45&0&0201#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
    .\debug.cpp(400) : Destination "\Device\00000065"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
    .\debug.cpp(400) : Destination "\Device\IPSECDOSP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
    .\debug.cpp(400) : Destination "\Device\USBFDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8136&SUBSYS_02E01028&REV_02#4&22f9660c&0&00E5#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
    .\debug.cpp(400) : Destination "\Device\PEAuth"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626420&0##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
    .\debug.cpp(400) : Destination "\Device\00000083"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Usbscan0"
    .\debug.cpp(400) : Destination "\Device\Usbscan0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\purendis"
    .\debug.cpp(400) : Destination "\Device\purendis"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&3dcedfa&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8136&SUBSYS_02E01028&REV_02#4&22f9660c&0&00E5#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&114a74cf&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk2Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626420&3##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
    .\debug.cpp(400) : Destination "\Device\00000082"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_102802E0&REV_1000#4&32634e45&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000065"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
    .\debug.cpp(400) : Destination "\Device\Mup"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
    .\debug.cpp(400) : Destination "\Device\Video1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2938&SUBSYS_02E01028&REV_02#3&2411e6fe&1&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
    .\debug.cpp(400) : Destination "\Device\NDMP9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic-&Prod_SD#MMC&Rev_1.00#058F63626420&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
    .\debug.cpp(400) : Destination "\Device\Tcp"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_102802E0&REV_1000#4&32634e45&0&0201#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
    .\debug.cpp(400) : Destination "\Device\00000065"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#DELA04C#4&1c820861&0&UID16843008#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
    .\debug.cpp(400) : Destination "\Device\0000007d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
    .\debug.cpp(400) : Destination "\Device\SPDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_29C2&SUBSYS_02E01028&REV_02#3&2411e6fe&1&10#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
    .\debug.cpp(400) : Destination "\Device\WANARP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
    .\debug.cpp(400) : Destination "\DosDevices\LPT1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000041"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04B8&PID_086A&MI_00#6&2e22efe1&0&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
    .\debug.cpp(400) : Destination "\Device\00000076"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-41fcb7ba-7973-435a-9e29-22d9ea330f7e"
    .\debug.cpp(400) : Destination "\Device\HostProcess-41fcb7ba-7973-435a-9e29-22d9ea330f7e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-H653G_______________DW10____#5&33e93e06&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{e2b649c1-d958-11de-9bda-806e6f6e6963}#0000000003700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv"
    .\debug.cpp(400) : Destination "\Device\EraserCtrlDrv"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C509&MI_01&Col01#7&602141c&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000006c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??
     
  6. mmcook

    mmcook TS Rookie Topic Starter Posts: 75

    Part 2:


    _USBSTOR#DISK&VEN_EPSON&PROD_STORAGE&REV_1.00#7&2500AC2&0&4D5737593036353675&0##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
    .\debug.cpp(400) : Destination "\Device\00000080"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\H:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic-&Prod_SM#xD_Picture&Rev_1.02#058F63626420&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&53af792&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000043"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD_PICTURE&REV_1.02#058F63626420&2##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
    .\debug.cpp(400) : Destination "\Device\00000084"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
    .\debug.cpp(400) : Destination "\Device\MountPointManager"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_02E01028&REV_02#3&2411e6fe&1&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
    .\debug.cpp(400) : Destination "\Device\USBFDO-6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_102802E0&REV_1000#4&32634e45&0&0201#{dda54a40-1e4c-11d1-a050-405705c10000}"
    .\debug.cpp(400) : Destination "\Device\00000065"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626420&1##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
    .\debug.cpp(400) : Destination "\Device\00000081"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E301A52-AFFA-4F49-B9CA-C79096A1A056}"
    .\debug.cpp(400) : Destination "\Device\NDMP11"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{80B2EECE-73E8-40C0-9A14-4EF6FA1028F1}"
    .\debug.cpp(400) : Destination "\Device\NDMP1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_EPSON&Prod_Storage&Rev_1.00#7&2500ac2&0&4D5737593036353675&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
    .\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
    .\debug.cpp(400) : Destination "\Device\USBFDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2935&SUBSYS_02E01028&REV_02#3&2411e6fe&1&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000040"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_102802E0&REV_1000#4&32634e45&0&0201#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000065"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-fdb705d2-7e2d-4f03-bcde-07d0c143f63f"
    .\debug.cpp(400) : Destination "\Device\HostProcess-fdb705d2-7e2d-4f03-bcde-07d0c143f63f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\I:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e2b649c5-d958-11de-9bda-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&210e3736&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000004"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
    .\debug.cpp(400) : Destination "\GLOBAL??"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C509&MI_01&Col04#7&602141c&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000006f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&WpdBusEnumRoot#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\0000007f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD_PICTURE&REV_1.02#058F63626420&2##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
    .\debug.cpp(400) : Destination "\Device\00000084"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e2b649c6-d958-11de-9bda-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\0000004c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
    .\debug.cpp(400) : Destination "\Device\Video2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&424d3a4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
    .\debug.cpp(400) : Destination "\clfs"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D372490F-985F-4182-88C3-716C25E2FDFD}"
    .\debug.cpp(400) : Destination "\Device\NDMP5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_EPSON&Prod_Storage&Rev_1.00#7&2500ac2&0&4D5737593036353675&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\0000007c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-e79fbe28-3bc5-48b2-8c8a-a993cfc178b2"
    .\debug.cpp(400) : Destination "\Device\HostProcess-e79fbe28-3bc5-48b2-8c8a-a993cfc178b2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A09906D5-CCC5-4D2B-84E5-A12A1AAB4B77}"
    .\debug.cpp(400) : Destination "\Device\NDMP3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswMBR"
    .\debug.cpp(400) : Destination "\Device\aswMBR"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
    .\debug.cpp(400) : Destination "\Device\00000047"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04B8&PID_086A&MI_01#6&2e22efe1&0&0001#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
    .\debug.cpp(400) : Destination "\Device\00000077"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk4Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
    .\debug.cpp(400) : Destination "\Device\MailSlot"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e2b649c9-d958-11de-9bda-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
    .\debug.cpp(400) : Destination "\Device\VolMgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSPX"
    .\debug.cpp(400) : Destination "\Device\SRTSPX"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
    .\debug.cpp(400) : Destination "\Device\NDMP8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk1Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_29C2&SUBSYS_02E01028&REV_02#3&2411e6fe&1&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STORAGE&REV_1.00#7&2500AC2&0&4D5737593036353675&0##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
    .\debug.cpp(400) : Destination "\Device\00000080"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
    .\debug.cpp(400) : Destination "\Device\VolMgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000048"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&210e3736&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
    .\debug.cpp(400) : Destination "\Device\WANARPV6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000040"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e2b649da-d958-11de-9bda-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
    .\debug.cpp(400) : Destination "\Device\Nsi"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
    .\debug.cpp(400) : Destination "\Device\FsWrap"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293A&SUBSYS_02E01028&REV_02#3&2411e6fe&1&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C509&MI_00#7&29d951de&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000006b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-8a281bdc-84ef-11e1-926e-0024e826b410"
    .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-8a281bdc-84ef-11e1-926e-0024e826b410"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-8a281bee-84ef-11e1-926e-0024e826b410"
    .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-8a281bee-84ef-11e1-926e-0024e826b410"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic-&Prod_SM#xD_Picture&Rev_1.02#058F63626420&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000073"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e2b649db-d958-11de-9bda-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD7"
    .\debug.cpp(400) : Destination "\Device\USBFDO-7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume4"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000050"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&3dcedfa&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2939&SUBSYS_02E01028&REV_02#3&2411e6fe&1&D2#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
    .\debug.cpp(400) : Destination "\Device\USBFDO-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume5"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
    .\debug.cpp(400) : Destination "\Device\Secdrv"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\00000046"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic-&Prod_MS#MS-Pro&Rev_1.03#058F63626420&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
    .\debug.cpp(400) : Destination "\Device\NXTIPSEC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_102802E0&REV_1000#4&32634e45&0&0201#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000065"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume6"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
    .\debug.cpp(400) : Destination "\Device\SstpDrv"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
    .\debug.cpp(400) : Destination "\Device\TeredoTun"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&362fb8b3&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
    .\debug.cpp(400) : Destination "\Device\Video3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04B8&PID_086A#4D5737593036353675#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume7"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DF4A9D2C-8742-4EB1-8703-D395C4183F33}"
    .\debug.cpp(400) : Destination "\Device\NDMP12"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
    .\debug.cpp(400) : Destination "\Device\WFP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&18cedc22&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume8"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#DELA04C#4&1c820861&0&UID16843008#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
    .\debug.cpp(400) : Destination "\Device\0000007d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270}"
    .\debug.cpp(400) : Destination "\Device\NDMP13"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{e2b649c1-d958-11de-9bda-806e6f6e6963}#0000000000007E00#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f3eaf962-d7c3-11e0-b297-0024e826b410}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
    .\debug.cpp(400) : Destination "\Device\WfpAle"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2936&SUBSYS_02E01028&REV_02#3&2411e6fe&1&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000041"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C509#5&1b3e5f8a&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
    .\debug.cpp(400) : Destination "\Device\00000033"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
    .\debug.cpp(400) : Destination "\Device\ProcessManagement"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
    .\debug.cpp(400) : Destination "\Device\Ndis"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C509&MI_01&Col02#7&602141c&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000006d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BC4CB3F5-9185-4FBC-8D32-EBDA66DBA2DC}"
    .\debug.cpp(400) : Destination "\Device\NDMP4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
    .\debug.cpp(400) : Destination "\Device\PartmgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626420&0##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
    .\debug.cpp(400) : Destination "\Device\00000083"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D89AADB1-4279-4963-A9C0-4054CCAC721F}"
    .\debug.cpp(400) : Destination "\Device\NDMP2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic-&Prod_MS#MS-Pro&Rev_1.03#058F63626420&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000074"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination ""
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
    .\debug.cpp(400) : Destination "\Device\NamedPipe"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk5Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000051"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
    .\debug.cpp(400) : Destination "\DosDevices\COM1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
    .\debug.cpp(400) : Destination "\Device\NDMP10"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2c9eb0b5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-8a281be1-84ef-11e1-926e-0024e826b410"
    .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-8a281be1-84ef-11e1-926e-0024e826b410"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-8a281bea-84ef-11e1-926e-0024e826b410"
    .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-8a281bea-84ef-11e1-926e-0024e826b410"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_102802E0&REV_1000#4&32634e45&0&0201#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
    .\debug.cpp(400) : Destination "\Device\00000065"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293C&SUBSYS_02E01028&REV_02#3&2411e6fe&1&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_23_-_Pentium(R)_Dual-Core__CPU______E5300__@_2.60GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk3Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
    .\debug.cpp(400) : Destination "\Device\Null"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
    .\debug.cpp(400) : Destination "\Device\USBFDO-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD6400AAKS-75A7B2___________________01.03B01#5&68cb340&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
    .\debug.cpp(400) : Destination "\Device\NdisWan"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000042"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
    .\debug.cpp(400) : Destination "\Device\USBFDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`f2500000
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 596 GB \\.\PhysicalDrive0 Controlled by rootkit!
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1136) : Boot code on some of your physical disks is hidden by a rootkit.
    .\boot_cleaner.cpp(1138) : To disinfect the master boot sector, use the following command:
    .\boot_cleaner.cpp(1139) : remover.exe fix <device_name>
    .\boot_cleaner.cpp(1143) : To inspect the boot code manually, dump the master boot sector:
    .\boot_cleaner.cpp(1144) : remover.exe dump <device_name> [output_file]
    .\boot_cleaner.cpp(1147) :
    .\boot_cleaner.cpp(1152) : Done;
     
  7. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  8. mmcook

    mmcook TS Rookie Topic Starter Posts: 75

    I was attempting to download the TDSSKiller when my system crashed.

    It was after I had downloaded the file but before I unzipped it. I received more than a dozen pop-up messages saying "System Message Write Fault Error" "A write command during the test has failed to complete. The may be due to a media or read/write error. The system generates an exception error when using a reference to an invalid system mempry access." I was then given the choices of Cancel/Try Again/Continue.

    I canceled all of the pop up messages and attempted to continue to run the TDSSKiller and my computer shut down and restarted. I was prompted to reboot in Safe Mode/Safe Mode with Networking/Start Windows Normally. I chose "Safe Mode with Networking."

    Not sure what to do now. I believe the program did download. Can I/Should I try to run this from Safe Mode under these circumstances?
     
  9. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Yes please.
     
  10. mmcook

    mmcook TS Rookie Topic Starter Posts: 75

    Oh dear.

    The scan ran in safe mode fine. Right at the end I received an error message that read "There is a problem with your ContentWatch Installation. Please try to uninstall and reinstall the program. If the problem persists contact customer support."

    I was prompted to reboot by the TDSSKiller and rebooted into normal mode.

    I found the log and was in the process of typing a message to you here when the system crashed again. I got the same series of multiple System Message Write Fault Errors" as well as a Windows message saying "System Error Hard Disk Failure Detected". I was prompted to scan now to attempt to "fix" it or scan later which would require a reboot. I tried to close the window without making a selection in an attempt to finish posting the log to you here and the computer shut down again.

    I can reboot in Safe Mode, but then I have no Internet, even if I choose Safe Mode with Networking. I'm posting this message from another machine. I keep getting the "There is a problem with your ContentWatch Installation" error message even in Safe Mode.

    I can try to reboot in normal mode and find the log, get online, and paste it here before the system crashes again, but I'm not particularly fast and I'm afraid it won't work.

    Suggestions?
     
  11. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    For now do not enter normal mode at all. Stay in safe mode.
    Copy the log to USB flash drive and post it from another computer.

    IMPORTANT!
    Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.
     
     
  12. mmcook

    mmcook TS Rookie Topic Starter Posts: 75

    I cannot find the log in Safe Mode. I actually can't find any programs in safe mode. The only Icons that appear when I hit the start icon are ones for Malwarebytes, World of Warcraft, Photoshop, and Internet Explorer. TDSSKiller icon is on the desktop, but there is not an option for retrieving old logs. When I hit that icon it just asks if I want to run the program again (and it doesn't find anything when I re-run it).
     
  13. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    If you hold Windows logo key and press "E" will Windows explorer open?
     
  14. mmcook

    mmcook TS Rookie Topic Starter Posts: 75

    Hey, that worked :)

    The log is there. Now I just need to find a USB Drive....

    Will post when I find one.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    OK :)............
     
  16. mmcook

    mmcook TS Rookie Topic Starter Posts: 75

    Ok, think I got it:


    (part 1)


    18:23:29.0614 1436 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    18:23:31.0692 1436 ============================================================
    18:23:31.0692 1436 Current date / time: 2012/04/13 18:23:31.0692
    18:23:31.0692 1436 SystemInfo:
    18:23:31.0692 1436
    18:23:31.0692 1436 OS Version: 6.1.7601 ServicePack: 1.0
    18:23:31.0692 1436 Product type: Workstation
    18:23:31.0692 1436 ComputerName: COOK-HOME
    18:23:31.0694 1436 UserName: mmcook
    18:23:31.0694 1436 Windows directory: C:\Windows
    18:23:31.0694 1436 System windows directory: C:\Windows
    18:23:31.0694 1436 Running under WOW64
    18:23:31.0694 1436 Processor architecture: Intel x64
    18:23:31.0694 1436 Number of processors: 2
    18:23:31.0694 1436 Page size: 0x1000
    18:23:31.0694 1436 Boot type: Safe boot with network
    18:23:31.0694 1436 ============================================================
    18:23:33.0077 1436 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:23:33.0100 1436 \Device\Harddisk0\DR0:
    18:23:33.0100 1436 MBR used
    18:23:33.0100 1436 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0xF77000
    18:23:33.0100 1436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF92800, BlocksNum 0x498C5000
    18:23:33.0122 1436 Initialize success
    18:23:33.0122 1436 ============================================================
    18:23:41.0043 0664 ============================================================
    18:23:41.0043 0664 Scan started
    18:23:41.0043 0664 Mode: Manual;
    18:23:41.0043 0664 ============================================================
    18:23:43.0046 0664 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    18:23:43.0049 0664 1394ohci - ok
    18:23:43.0289 0664 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    18:23:43.0384 0664 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
    18:23:43.0462 0664 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    18:23:43.0465 0664 ACPI - ok
    18:23:43.0510 0664 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    18:23:43.0511 0664 AcpiPmi - ok
    18:23:43.0607 0664 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    18:23:43.0623 0664 adp94xx - ok
    18:23:43.0651 0664 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    18:23:43.0655 0664 adpahci - ok
    18:23:43.0668 0664 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    18:23:43.0670 0664 adpu320 - ok
    18:23:43.0711 0664 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    18:23:43.0728 0664 AeLookupSvc - ok
    18:23:43.0819 0664 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    18:23:43.0823 0664 AERTFilters - ok
    18:23:43.0922 0664 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    18:23:43.0928 0664 AFD - ok
    18:23:43.0959 0664 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    18:23:43.0960 0664 agp440 - ok
    18:23:44.0004 0664 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    18:23:44.0005 0664 ALG - ok
    18:23:44.0034 0664 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    18:23:44.0038 0664 aliide - ok
    18:23:44.0064 0664 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    18:23:44.0067 0664 amdide - ok
    18:23:44.0095 0664 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    18:23:44.0097 0664 AmdK8 - ok
    18:23:44.0110 0664 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    18:23:44.0112 0664 AmdPPM - ok
    18:23:44.0161 0664 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    18:23:44.0173 0664 amdsata - ok
    18:23:44.0290 0664 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    18:23:44.0292 0664 amdsbs - ok
    18:23:44.0342 0664 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    18:23:44.0344 0664 amdxata - ok
    18:23:44.0394 0664 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    18:23:44.0395 0664 AppID - ok
    18:23:44.0430 0664 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    18:23:44.0431 0664 AppIDSvc - ok
    18:23:44.0477 0664 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    18:23:44.0479 0664 Appinfo - ok
    18:23:44.0661 0664 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:23:44.0664 0664 Apple Mobile Device - ok
    18:23:44.0747 0664 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    18:23:44.0748 0664 arc - ok
    18:23:44.0762 0664 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    18:23:44.0763 0664 arcsas - ok
    18:23:44.0776 0664 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    18:23:44.0777 0664 AsyncMac - ok
    18:23:44.0820 0664 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    18:23:44.0820 0664 atapi - ok
    18:23:44.0871 0664 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    18:23:44.0889 0664 AudioEndpointBuilder - ok
    18:23:44.0900 0664 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    18:23:44.0904 0664 AudioSrv - ok
    18:23:44.0986 0664 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    18:23:44.0988 0664 AxInstSV - ok
    18:23:45.0037 0664 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    18:23:45.0042 0664 b06bdrv - ok
    18:23:45.0077 0664 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    18:23:45.0081 0664 b57nd60a - ok
    18:23:45.0207 0664 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    18:23:45.0210 0664 BBSvc - ok
    18:23:45.0245 0664 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    18:23:45.0247 0664 BDESVC - ok
    18:23:45.0283 0664 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    18:23:45.0284 0664 Beep - ok
    18:23:45.0387 0664 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    18:23:45.0452 0664 BITS - ok
    18:23:45.0525 0664 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    18:23:45.0526 0664 blbdrive - ok
    18:23:45.0642 0664 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    18:23:45.0648 0664 Bonjour Service - ok
    18:23:45.0728 0664 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    18:23:45.0729 0664 bowser - ok
    18:23:45.0767 0664 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    18:23:45.0768 0664 BrFiltLo - ok
    18:23:45.0781 0664 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    18:23:45.0781 0664 BrFiltUp - ok
    18:23:45.0831 0664 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    18:23:45.0833 0664 Browser - ok
    18:23:45.0847 0664 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    18:23:45.0850 0664 Brserid - ok
    18:23:45.0862 0664 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    18:23:45.0863 0664 BrSerWdm - ok
    18:23:45.0877 0664 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    18:23:45.0878 0664 BrUsbMdm - ok
    18:23:45.0891 0664 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    18:23:45.0892 0664 BrUsbSer - ok
    18:23:45.0962 0664 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
    18:23:45.0963 0664 BthEnum - ok
    18:23:45.0989 0664 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    18:23:45.0990 0664 BTHMODEM - ok
    18:23:46.0059 0664 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    18:23:46.0061 0664 BthPan - ok
    18:23:46.0128 0664 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
    18:23:46.0143 0664 BTHPORT - ok
    18:23:46.0175 0664 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    18:23:46.0177 0664 bthserv - ok
    18:23:46.0212 0664 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
    18:23:46.0213 0664 BTHUSB - ok
    18:23:46.0287 0664 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
    18:23:46.0287 0664 BVRPMPR5a64 - ok
    18:23:46.0413 0664 ccEvtMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    18:23:46.0414 0664 ccEvtMgr - ok
    18:23:46.0437 0664 ccSetMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    18:23:46.0438 0664 ccSetMgr - ok
    18:23:46.0477 0664 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    18:23:46.0479 0664 cdfs - ok
    18:23:46.0590 0664 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    18:23:46.0592 0664 cdrom - ok
    18:23:46.0675 0664 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    18:23:46.0676 0664 CertPropSvc - ok
    18:23:46.0689 0664 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    18:23:46.0690 0664 circlass - ok
    18:23:46.0743 0664 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    18:23:46.0747 0664 CLFS - ok
    18:23:46.0830 0664 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:23:46.0833 0664 clr_optimization_v2.0.50727_32 - ok
    18:23:46.0888 0664 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    18:23:46.0894 0664 clr_optimization_v2.0.50727_64 - ok
    18:23:46.0982 0664 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:23:47.0011 0664 clr_optimization_v4.0.30319_32 - ok
    18:23:47.0105 0664 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    18:23:47.0127 0664 clr_optimization_v4.0.30319_64 - ok
    18:23:47.0165 0664 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    18:23:47.0169 0664 CmBatt - ok
    18:23:47.0236 0664 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    18:23:47.0236 0664 cmdide - ok
    18:23:47.0298 0664 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    18:23:47.0316 0664 CNG - ok
    18:23:47.0390 0664 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    18:23:47.0390 0664 Compbatt - ok
    18:23:47.0481 0664 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    18:23:47.0483 0664 CompositeBus - ok
    18:23:47.0524 0664 COMSysApp - ok
    18:23:47.0548 0664 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    18:23:47.0549 0664 crcdisk - ok
    18:23:47.0588 0664 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
    18:23:47.0590 0664 CryptSvc - ok
    18:23:47.0682 0664 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
    18:23:47.0683 0664 ctxusbm - ok
    18:23:47.0828 0664 CwAltaService20 (b183a2b73a702d4516ff262961f171d6) C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe
    18:23:47.0872 0664 CwAltaService20 - ok
    18:23:47.0923 0664 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    18:23:47.0938 0664 DcomLaunch - ok
    18:23:48.0042 0664 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    18:23:48.0046 0664 defragsvc - ok
    18:23:48.0112 0664 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    18:23:48.0114 0664 DfsC - ok
    18:23:48.0279 0664 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    18:23:48.0319 0664 Dhcp - ok
    18:23:48.0504 0664 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    18:23:48.0505 0664 discache - ok
    18:23:48.0588 0664 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    18:23:48.0590 0664 Disk - ok
    18:23:48.0640 0664 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    18:23:48.0643 0664 Dnscache - ok
    18:23:48.0749 0664 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
    18:23:48.0770 0664 DockLoginService - ok
    18:23:48.0847 0664 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    18:23:48.0850 0664 dot3svc - ok
    18:23:48.0891 0664 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    18:23:48.0893 0664 DPS - ok
    18:23:48.0960 0664 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    18:23:48.0961 0664 drmkaud - ok
    18:23:49.0015 0664 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    18:23:49.0031 0664 DXGKrnl - ok
    18:23:49.0070 0664 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    18:23:49.0073 0664 EapHost - ok
    18:23:49.0163 0664 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    18:23:49.0214 0664 ebdrv - ok
    18:23:49.0474 0664 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    18:23:49.0479 0664 eeCtrl - ok
    18:23:49.0521 0664 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    18:23:49.0523 0664 EFS - ok
    18:23:49.0710 0664 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    18:23:49.0759 0664 ehRecvr - ok
    18:23:49.0806 0664 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    18:23:49.0808 0664 ehSched - ok
    18:23:49.0920 0664 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    18:23:49.0936 0664 elxstor - ok
    18:23:50.0060 0664 EPSON_EB_RPCV4_04 (7db097f4f6786307168c0dddec43a565) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    18:23:50.0063 0664 EPSON_EB_RPCV4_04 - ok
    18:23:50.0124 0664 EPSON_PM_RPCV4_04 (258aa65a0862e19b7de6981fda3758ad) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    18:23:50.0126 0664 EPSON_PM_RPCV4_04 - ok
    18:23:50.0169 0664 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    18:23:50.0170 0664 ErrDev - ok
    18:23:50.0229 0664 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    18:23:50.0244 0664 EventSystem - ok
    18:23:50.0301 0664 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    18:23:50.0303 0664 exfat - ok
    18:23:50.0322 0664 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    18:23:50.0326 0664 fastfat - ok
    18:23:50.0394 0664 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    18:23:50.0411 0664 Fax - ok
    18:23:50.0439 0664 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    18:23:50.0440 0664 fdc - ok
    18:23:50.0454 0664 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    18:23:50.0455 0664 fdPHost - ok
    18:23:50.0477 0664 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    18:23:50.0478 0664 FDResPub - ok
    18:23:50.0491 0664 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    18:23:50.0492 0664 FileInfo - ok
    18:23:50.0506 0664 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    18:23:50.0507 0664 Filetrace - ok
    18:23:50.0623 0664 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    18:23:50.0640 0664 FLEXnet Licensing Service - ok
    18:23:50.0652 0664 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    18:23:50.0653 0664 flpydisk - ok
    18:23:50.0683 0664 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    18:23:50.0686 0664 FltMgr - ok
    18:23:50.0751 0664 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    18:23:50.0768 0664 FontCache - ok
    18:23:50.0857 0664 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    18:23:50.0859 0664 FontCache3.0.0.0 - ok
    18:23:51.0007 0664 FreeAgentGoNext Service (07af7870abf051ebbae8a8a92ff34abe) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    18:23:51.0010 0664 FreeAgentGoNext Service - ok
    18:23:51.0047 0664 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    18:23:51.0049 0664 FsDepends - ok
    18:23:51.0133 0664 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
    18:23:51.0134 0664 fssfltr - ok
    18:23:51.0228 0664 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    18:23:51.0254 0664 fsssvc - ok
    18:23:51.0298 0664 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    18:23:51.0299 0664 Fs_Rec - ok
    18:23:51.0432 0664 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    18:23:51.0437 0664 fvevol - ok
    18:23:51.0479 0664 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    18:23:51.0480 0664 gagp30kx - ok
    18:23:51.0662 0664 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    18:23:51.0662 0664 GEARAspiWDM - ok
    18:23:51.0775 0664 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    18:23:51.0777 0664 GoToAssist - ok
    18:23:51.0823 0664 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    18:23:51.0840 0664 gpsvc - ok
    18:23:51.0868 0664 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    18:23:51.0869 0664 hcw85cir - ok
    18:23:51.0915 0664 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    18:23:51.0919 0664 HdAudAddService - ok
    18:23:51.0979 0664 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    18:23:51.0981 0664 HDAudBus - ok
    18:23:51.0994 0664 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    18:23:51.0995 0664 HidBatt - ok
    18:23:52.0009 0664 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    18:23:52.0010 0664 HidBth - ok
    18:23:52.0025 0664 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    18:23:52.0026 0664 HidIr - ok
    18:23:52.0059 0664 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    18:23:52.0061 0664 hidserv - ok
    18:23:52.0119 0664 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    18:23:52.0120 0664 HidUsb - ok
    18:23:52.0162 0664 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    18:23:52.0164 0664 hkmsvc - ok
    18:23:52.0224 0664 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    18:23:52.0228 0664 HomeGroupListener - ok
    18:23:52.0276 0664 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    18:23:52.0279 0664 HomeGroupProvider - ok
    18:23:52.0337 0664 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    18:23:52.0339 0664 HpSAMD - ok
    18:23:52.0415 0664 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    18:23:52.0433 0664 HTTP - ok
    18:23:52.0474 0664 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    18:23:52.0474 0664 hwpolicy - ok
    18:23:52.0525 0664 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    18:23:52.0526 0664 i8042prt - ok
    18:23:52.0563 0664 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    18:23:52.0568 0664 iaStorV - ok
    18:23:52.0733 0664 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    18:23:52.0735 0664 IDriverT - ok
    18:23:52.0853 0664 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    18:23:52.0870 0664 idsvc - ok
    18:23:53.0037 0664 igfx (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys
    18:23:53.0152 0664 igfx - ok
    18:23:53.0228 0664 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    18:23:53.0229 0664 iirsp - ok
    18:23:53.0305 0664 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    18:23:53.0322 0664 IKEEXT - ok
    18:23:53.0462 0664 IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
    18:23:53.0505 0664 IntcAzAudAddService - ok
    18:23:53.0742 0664 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    18:23:53.0742 0664 intelide - ok
    18:23:53.0917 0664 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    18:23:53.0918 0664 intelppm - ok
    18:23:53.0959 0664 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    18:23:53.0961 0664 IPBusEnum - ok
    18:23:54.0001 0664 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:23:54.0002 0664 IpFilterDriver - ok
    18:23:54.0038 0664 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    18:23:54.0039 0664 IPMIDRV - ok
    18:23:54.0113 0664 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    18:23:54.0115 0664 IPNAT - ok
    18:23:54.0230 0664 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
    18:23:54.0248 0664 iPod Service - ok
    18:23:54.0287 0664 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    18:23:54.0287 0664 IRENUM - ok
    18:23:54.0333 0664 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    18:23:54.0334 0664 isapnp - ok
    18:23:54.0390 0664 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    18:23:54.0394 0664 iScsiPrt - ok
    18:23:54.0421 0664 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    18:23:54.0421 0664 kbdclass - ok
    18:23:54.0495 0664 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    18:23:54.0495 0664 kbdhid - ok
    18:23:54.0539 0664 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:23:54.0540 0664 KeyIso - ok
    18:23:54.0607 0664 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    18:23:54.0609 0664 KSecDD - ok
    18:23:54.0655 0664 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    18:23:54.0657 0664 KSecPkg - ok
    18:23:54.0669 0664 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    18:23:54.0670 0664 ksthunk - ok
    18:23:54.0777 0664 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    18:23:54.0782 0664 KtmRm - ok
    18:23:54.0847 0664 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    18:23:54.0851 0664 LanmanServer - ok
    18:23:54.0894 0664 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    18:23:54.0897 0664 LanmanWorkstation - ok
    18:23:55.0073 0664 LiveUpdate (e34152d03caaaaa81dd66d803f392522) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
    18:23:55.0126 0664 LiveUpdate - ok
    18:23:55.0307 0664 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    18:23:55.0308 0664 lltdio - ok
    18:23:55.0385 0664 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    18:23:55.0390 0664 lltdsvc - ok
    18:23:55.0440 0664 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    18:23:55.0441 0664 lmhosts - ok
    18:23:55.0478 0664 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:23:55.0481 0664 LSI_FC - ok
    18:23:55.0511 0664 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:23:55.0513 0664 LSI_SAS - ok
    18:23:55.0531 0664 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:23:55.0532 0664 LSI_SAS2 - ok
    18:23:55.0549 0664 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:23:55.0550 0664 LSI_SCSI - ok
    18:23:55.0579 0664 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    18:23:55.0581 0664 luafv - ok
    18:23:55.0708 0664 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    18:23:55.0713 0664 McciCMService - ok
    18:23:55.0818 0664 McciCMService64 (859e5a32485178daeca06b52e2bb44b2) C:\Program Files\Common Files\Motive\McciCMService.exe
    18:23:55.0833 0664 McciCMService64 - ok
    18:23:55.0893 0664 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    18:23:55.0933 0664 Mcx2Svc - ok
    18:23:55.0951 0664 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    18:23:55.0952 0664 megasas - ok
    18:23:55.0983 0664 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    18:23:55.0987 0664 MegaSR - ok
    18:23:56.0097 0664 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    18:23:56.0141 0664 Microsoft Office Groove Audit Service - ok
    18:23:56.0185 0664 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    18:23:56.0187 0664 MMCSS - ok
    18:23:56.0199 0664 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    18:23:56.0200 0664 Modem - ok
    18:23:56.0278 0664 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    18:23:56.0279 0664 monitor - ok
    18:23:56.0357 0664 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    18:23:56.0358 0664 mouclass - ok
    18:23:56.0430 0664 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    18:23:56.0431 0664 mouhid - ok
    18:23:56.0484 0664 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    18:23:56.0485 0664 mountmgr - ok
    18:23:56.0535 0664 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    18:23:56.0538 0664 mpio - ok
    18:23:56.0574 0664 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    18:23:56.0575 0664 mpsdrv - ok
    18:23:56.0658 0664 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
    18:23:56.0659 0664 MREMP50 - ok
    18:23:56.0795 0664 MREMP50a64 - ok
    18:23:56.0808 0664 MREMPR5 - ok
    18:23:56.0815 0664 MRENDIS5 - ok
    18:23:56.0847 0664 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
    18:23:56.0847 0664 MRESP50 - ok
    18:23:57.0019 0664 MRESP50a64 - ok
    18:23:57.0085 0664 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    18:23:57.0087 0664 MRxDAV - ok
    18:23:57.0194 0664 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:23:57.0196 0664 mrxsmb - ok
    18:23:57.0247 0664 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:23:57.0250 0664 mrxsmb10 - ok
    18:23:57.0289 0664 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:23:57.0291 0664 mrxsmb20 - ok
    18:23:57.0369 0664 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    18:23:57.0371 0664 msahci - ok
    18:23:57.0437 0664 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    18:23:57.0438 0664 msdsm - ok
    18:23:57.0481 0664 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    18:23:57.0484 0664 MSDTC - ok
    18:23:57.0532 0664 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    18:23:57.0533 0664 Msfs - ok
    18:23:57.0557 0664 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    18:23:57.0558 0664 mshidkmdf - ok
    18:23:57.0589 0664 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    18:23:57.0590 0664 msisadrv - ok
    18:23:57.0614 0664 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    18:23:57.0617 0664 MSiSCSI - ok
    18:23:57.0627 0664 msiserver - ok
    18:23:57.0682 0664 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    18:23:57.0682 0664 MSKSSRV - ok
    18:23:57.0734 0664 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    18:23:57.0734 0664 MSPCLOCK - ok
    18:23:57.0750 0664 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    18:23:57.0750 0664 MSPQM - ok
    18:23:57.0828 0664 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    18:23:57.0833 0664 MsRPC - ok
    18:23:57.0862 0664 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    18:23:57.0863 0664 mssmbios - ok
    18:23:57.0881 0664 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    18:23:57.0882 0664 MSTEE - ok
    18:23:57.0898 0664 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    18:23:57.0900 0664 MTConfig - ok
    18:23:57.0929 0664 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    18:23:57.0930 0664 Mup - ok
    18:23:57.0960 0664 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    18:23:57.0975 0664 napagent - ok
    18:23:58.0057 0664 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    18:23:58.0060 0664 NativeWifiP - ok
    18:23:58.0213 0664 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120327.008\ENG64.SYS
    18:23:58.0214 0664 NAVENG - ok
    18:23:58.0294 0664 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120327.008\EX64.SYS
     
  17. mmcook

    mmcook TS Rookie Topic Starter Posts: 75

    (part 2)


    18:23:58.0346 0664 NAVEX15 - ok
    18:23:58.0448 0664 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    18:23:58.0464 0664 NDIS - ok
    18:23:58.0542 0664 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    18:23:58.0543 0664 NdisCap - ok
    18:23:58.0609 0664 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    18:23:58.0610 0664 NdisTapi - ok
    18:23:58.0687 0664 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    18:23:58.0688 0664 Ndisuio - ok
    18:23:58.0737 0664 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    18:23:58.0739 0664 NdisWan - ok
    18:23:58.0792 0664 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    18:23:58.0793 0664 NDProxy - ok
    18:23:58.0883 0664 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    18:23:58.0884 0664 NetBIOS - ok
    18:23:59.0052 0664 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    18:23:59.0056 0664 NetBT - ok
    18:23:59.0097 0664 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:23:59.0098 0664 Netlogon - ok
    18:23:59.0208 0664 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    18:23:59.0213 0664 Netman - ok
    18:23:59.0234 0664 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    18:23:59.0240 0664 netprofm - ok
    18:23:59.0336 0664 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:23:59.0338 0664 NetTcpPortSharing - ok
    18:23:59.0355 0664 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    18:23:59.0356 0664 nfrd960 - ok
    18:23:59.0551 0664 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    18:23:59.0555 0664 NlaSvc - ok
    18:23:59.0738 0664 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    18:23:59.0755 0664 nmservice - ok
    18:23:59.0766 0664 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    18:23:59.0768 0664 Npfs - ok
    18:23:59.0804 0664 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    18:23:59.0805 0664 nsi - ok
    18:23:59.0820 0664 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    18:23:59.0821 0664 nsiproxy - ok
    18:23:59.0938 0664 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    18:23:59.0965 0664 Ntfs - ok
    18:24:00.0018 0664 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    18:24:00.0020 0664 Null - ok
    18:24:00.0097 0664 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    18:24:00.0099 0664 nvraid - ok
    18:24:00.0142 0664 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    18:24:00.0144 0664 nvstor - ok
    18:24:00.0166 0664 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    18:24:00.0168 0664 nv_agp - ok
    18:24:00.0260 0664 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    18:24:00.0265 0664 odserv - ok
    18:24:00.0306 0664 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    18:24:00.0307 0664 ohci1394 - ok
    18:24:00.0395 0664 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:24:00.0398 0664 ose - ok
    18:24:00.0443 0664 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    18:24:00.0447 0664 p2pimsvc - ok
    18:24:00.0496 0664 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    18:24:00.0502 0664 p2psvc - ok
    18:24:00.0540 0664 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    18:24:00.0541 0664 Parport - ok
    18:24:00.0594 0664 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    18:24:00.0595 0664 partmgr - ok
    18:24:00.0620 0664 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    18:24:00.0623 0664 PcaSvc - ok
    18:24:00.0666 0664 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    18:24:00.0668 0664 pci - ok
    18:24:00.0683 0664 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    18:24:00.0685 0664 pciide - ok
    18:24:00.0705 0664 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    18:24:00.0707 0664 pcmcia - ok
    18:24:00.0729 0664 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    18:24:00.0730 0664 pcw - ok
    18:24:00.0783 0664 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    18:24:00.0801 0664 PEAUTH - ok
    18:24:00.0963 0664 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    18:24:01.0065 0664 PerfHost - ok
    18:24:01.0138 0664 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    18:24:01.0164 0664 pla - ok
    18:24:01.0281 0664 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    18:24:01.0296 0664 PlugPlay - ok
    18:24:01.0466 0664 Pml Driver HPZ12 (64ca1485214340cacc315ffdfded73ef) C:\Windows\system32\HPZipm12.dll
    18:24:01.0474 0664 Pml Driver HPZ12 - ok
    18:24:01.0950 0664 pnarp (fb83b6c62dff5abe36304351d2bed581) C:\Windows\system32\DRIVERS\pnarp.sys
    18:24:01.0951 0664 pnarp - ok
    18:24:02.0003 0664 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    18:24:02.0005 0664 PNRPAutoReg - ok
    18:24:02.0028 0664 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    18:24:02.0031 0664 PNRPsvc - ok
    18:24:02.0069 0664 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    18:24:02.0085 0664 PolicyAgent - ok
    18:24:02.0127 0664 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    18:24:02.0129 0664 Power - ok
    18:24:02.0203 0664 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    18:24:02.0205 0664 PptpMiniport - ok
    18:24:02.0256 0664 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    18:24:02.0258 0664 Processor - ok
    18:24:02.0305 0664 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
    18:24:02.0308 0664 ProfSvc - ok
    18:24:02.0363 0664 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:24:02.0364 0664 ProtectedStorage - ok
    18:24:02.0406 0664 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    18:24:02.0408 0664 Psched - ok
    18:24:02.0477 0664 purendis (1b3434642ce3c26e6f24d3a76d749c2a) C:\Windows\system32\DRIVERS\purendis.sys
    18:24:02.0478 0664 purendis - ok
    18:24:02.0526 0664 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
    18:24:02.0527 0664 PxHlpa64 - ok
    18:24:02.0576 0664 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    18:24:02.0622 0664 ql2300 - ok
    18:24:02.0654 0664 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    18:24:02.0656 0664 ql40xx - ok
    18:24:02.0699 0664 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    18:24:02.0703 0664 QWAVE - ok
    18:24:02.0715 0664 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    18:24:02.0716 0664 QWAVEdrv - ok
    18:24:02.0743 0664 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    18:24:02.0744 0664 RasAcd - ok
    18:24:02.0810 0664 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:24:02.0811 0664 RasAgileVpn - ok
    18:24:02.0828 0664 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    18:24:02.0834 0664 RasAuto - ok
    18:24:02.0885 0664 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:24:02.0887 0664 Rasl2tp - ok
    18:24:02.0977 0664 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    18:24:02.0982 0664 RasMan - ok
    18:24:03.0002 0664 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    18:24:03.0004 0664 RasPppoe - ok
    18:24:03.0054 0664 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    18:24:03.0055 0664 RasSstp - ok
    18:24:03.0085 0664 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    18:24:03.0091 0664 rdbss - ok
    18:24:03.0118 0664 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    18:24:03.0120 0664 rdpbus - ok
    18:24:03.0133 0664 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:24:03.0133 0664 RDPCDD - ok
    18:24:03.0197 0664 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    18:24:03.0197 0664 RDPENCDD - ok
    18:24:03.0226 0664 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    18:24:03.0226 0664 RDPREFMP - ok
    18:24:03.0246 0664 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
    18:24:03.0249 0664 RDPWD - ok
    18:24:03.0299 0664 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    18:24:03.0301 0664 rdyboost - ok
    18:24:03.0385 0664 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    18:24:03.0403 0664 RemoteAccess - ok
    18:24:03.0558 0664 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    18:24:03.0561 0664 RemoteRegistry - ok
    18:24:03.0624 0664 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    18:24:03.0626 0664 RFCOMM - ok
    18:24:03.0650 0664 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    18:24:03.0652 0664 RpcEptMapper - ok
    18:24:03.0697 0664 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    18:24:03.0698 0664 RpcLocator - ok
    18:24:03.0747 0664 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    18:24:03.0751 0664 RpcSs - ok
    18:24:03.0793 0664 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    18:24:03.0794 0664 rspndr - ok
    18:24:03.0873 0664 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
    18:24:03.0875 0664 RTL8167 - ok
    18:24:03.0921 0664 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:24:03.0922 0664 SamSs - ok
    18:24:03.0966 0664 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    18:24:03.0967 0664 sbp2port - ok
    18:24:04.0011 0664 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    18:24:04.0015 0664 SCardSvr - ok
    18:24:04.0054 0664 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    18:24:04.0055 0664 scfilter - ok
    18:24:04.0490 0664 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    18:24:04.0565 0664 Schedule - ok
    18:24:04.0624 0664 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    18:24:04.0625 0664 SCPolicySvc - ok
    18:24:04.0668 0664 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    18:24:04.0672 0664 SDRSVC - ok
    18:24:04.0788 0664 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    18:24:04.0792 0664 SeaPort - ok
    18:24:04.0859 0664 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    18:24:04.0860 0664 secdrv - ok
    18:24:04.0899 0664 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    18:24:04.0901 0664 seclogon - ok
    18:24:04.0967 0664 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    18:24:04.0969 0664 SENS - ok
    18:24:04.0980 0664 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    18:24:04.0981 0664 SensrSvc - ok
    18:24:04.0994 0664 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    18:24:04.0995 0664 Serenum - ok
    18:24:05.0026 0664 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    18:24:05.0028 0664 Serial - ok
    18:24:05.0102 0664 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    18:24:05.0103 0664 sermouse - ok
    18:24:05.0160 0664 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    18:24:05.0162 0664 SessionEnv - ok
    18:24:05.0214 0664 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    18:24:05.0215 0664 sffdisk - ok
    18:24:05.0235 0664 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    18:24:05.0236 0664 sffp_mmc - ok
    18:24:05.0256 0664 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    18:24:05.0257 0664 sffp_sd - ok
    18:24:05.0295 0664 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    18:24:05.0296 0664 sfloppy - ok
    18:24:05.0465 0664 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    18:24:05.0494 0664 SharedAccess - ok
    18:24:05.0576 0664 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    18:24:05.0590 0664 ShellHWDetection - ok
    18:24:05.0610 0664 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    18:24:05.0611 0664 SiSRaid2 - ok
    18:24:05.0632 0664 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    18:24:05.0633 0664 SiSRaid4 - ok
    18:24:05.0673 0664 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    18:24:05.0674 0664 Smb - ok
    18:24:05.0841 0664 SmcService (ad97b711074cf27da0c00f2c26e1a62c) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    18:24:05.0926 0664 SmcService - ok
    18:24:06.0043 0664 SNAC (91bd8e268d93aaf5f59aac9de84a25bb) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
    18:24:06.0048 0664 SNAC - ok
    18:24:06.0153 0664 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    18:24:06.0154 0664 SNMPTRAP - ok
    18:24:06.0296 0664 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    18:24:06.0297 0664 spldr - ok
    18:24:06.0348 0664 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    18:24:06.0364 0664 Spooler - ok
    18:24:06.0455 0664 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    18:24:06.0535 0664 sppsvc - ok
    18:24:06.0575 0664 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    18:24:06.0575 0664 sppuinotify - ok
    18:24:06.0655 0664 SRTSP (32900ac9cfdc578531279886ca16a4df) C:\Windows\system32\Drivers\SRTSP64.SYS
    18:24:06.0655 0664 SRTSP - ok
    18:24:06.0715 0664 SRTSPL (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS
    18:24:06.0715 0664 SRTSPL - ok
    18:24:06.0835 0664 SRTSPX (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS
    18:24:06.0835 0664 SRTSPX - ok
    18:24:06.0895 0664 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    18:24:06.0895 0664 srv - ok
    18:24:06.0955 0664 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    18:24:06.0955 0664 srv2 - ok
    18:24:06.0985 0664 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    18:24:06.0985 0664 srvnet - ok
    18:24:07.0075 0664 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    18:24:07.0075 0664 SSDPSRV - ok
    18:24:07.0105 0664 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    18:24:07.0105 0664 SstpSvc - ok
    18:24:07.0195 0664 Steam Client Service - ok
    18:24:07.0205 0664 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    18:24:07.0205 0664 stexstor - ok
    18:24:07.0265 0664 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    18:24:07.0285 0664 stisvc - ok
    18:24:07.0325 0664 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    18:24:07.0325 0664 swenum - ok
    18:24:07.0465 0664 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    18:24:07.0475 0664 swprv - ok
    18:24:07.0635 0664 Symantec AntiVirus (ba2fb8f8ab24d0279caa98a4c118150e) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    18:24:07.0675 0664 Symantec AntiVirus - ok
    18:24:07.0845 0664 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    18:24:07.0845 0664 SymEvent - ok
    18:24:07.0915 0664 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    18:24:07.0955 0664 SysMain - ok
    18:24:08.0005 0664 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    18:24:08.0015 0664 TabletInputService - ok
    18:24:08.0065 0664 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    18:24:08.0075 0664 TapiSrv - ok
    18:24:08.0115 0664 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    18:24:08.0115 0664 TBS - ok
    18:24:08.0225 0664 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    18:24:08.0275 0664 Tcpip - ok
    18:24:08.0375 0664 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    18:24:08.0385 0664 TCPIP6 - ok
    18:24:08.0415 0664 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    18:24:08.0415 0664 tcpipreg - ok
    18:24:08.0495 0664 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    18:24:08.0495 0664 TDPIPE - ok
    18:24:08.0545 0664 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    18:24:08.0545 0664 TDTCP - ok
    18:24:08.0595 0664 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    18:24:08.0595 0664 tdx - ok
    18:24:08.0635 0664 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    18:24:08.0645 0664 TermDD - ok
    18:24:08.0685 0664 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    18:24:08.0705 0664 TermService - ok
    18:24:08.0745 0664 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    18:24:08.0745 0664 Themes - ok
    18:24:08.0795 0664 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    18:24:08.0795 0664 THREADORDER - ok
    18:24:08.0805 0664 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    18:24:08.0815 0664 TrkWks - ok
    18:24:08.0875 0664 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    18:24:08.0875 0664 TrustedInstaller - ok
    18:24:08.0925 0664 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:24:08.0925 0664 tssecsrv - ok
    18:24:09.0014 0664 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    18:24:09.0015 0664 TsUsbFlt - ok
    18:24:09.0099 0664 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    18:24:09.0101 0664 tunnel - ok
    18:24:09.0163 0664 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    18:24:09.0164 0664 uagp35 - ok
    18:24:09.0210 0664 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    18:24:09.0214 0664 udfs - ok
    18:24:09.0252 0664 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    18:24:09.0254 0664 UI0Detect - ok
    18:24:09.0294 0664 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    18:24:09.0295 0664 uliagpkx - ok
    18:24:09.0333 0664 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    18:24:09.0334 0664 umbus - ok
    18:24:09.0389 0664 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    18:24:09.0403 0664 UmPass - ok
    18:24:09.0459 0664 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    18:24:09.0465 0664 upnphost - ok
    18:24:09.0533 0664 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    18:24:09.0534 0664 USBAAPL64 - ok
    18:24:09.0574 0664 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    18:24:09.0575 0664 usbccgp - ok
    18:24:10.0013 0664 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    18:24:10.0015 0664 usbcir - ok
    18:24:10.0046 0664 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    18:24:10.0047 0664 usbehci - ok
    18:24:10.0125 0664 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    18:24:10.0144 0664 usbhub - ok
    18:24:10.0241 0664 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    18:24:10.0242 0664 usbohci - ok
    18:24:10.0275 0664 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    18:24:10.0276 0664 usbprint - ok
    18:24:10.0303 0664 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    18:24:10.0304 0664 usbscan - ok
    18:24:10.0323 0664 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:24:10.0325 0664 USBSTOR - ok
    18:24:10.0340 0664 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
    18:24:10.0341 0664 usbuhci - ok
    18:24:10.0361 0664 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    18:24:10.0363 0664 UxSms - ok
    18:24:10.0404 0664 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:24:10.0405 0664 VaultSvc - ok
    18:24:10.0423 0664 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    18:24:10.0424 0664 vdrvroot - ok
    18:24:10.0498 0664 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    18:24:10.0515 0664 vds - ok
    18:24:10.0588 0664 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    18:24:10.0589 0664 vga - ok
    18:24:10.0646 0664 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    18:24:10.0647 0664 VgaSave - ok
    18:24:10.0679 0664 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    18:24:10.0682 0664 vhdmp - ok
    18:24:10.0716 0664 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    18:24:10.0716 0664 viaide - ok
    18:24:10.0796 0664 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    18:24:10.0798 0664 volmgr - ok
    18:24:10.0866 0664 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    18:24:10.0902 0664 volmgrx - ok
    18:24:10.0961 0664 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    18:24:10.0971 0664 volsnap - ok
    18:24:10.0990 0664 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    18:24:10.0992 0664 vsmraid - ok
    18:24:11.0078 0664 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    18:24:11.0114 0664 VSS - ok
    18:24:11.0153 0664 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    18:24:11.0154 0664 vwifibus - ok
    18:24:11.0199 0664 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    18:24:11.0205 0664 W32Time - ok
    18:24:11.0222 0664 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    18:24:11.0223 0664 WacomPen - ok
    18:24:11.0256 0664 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    18:24:11.0257 0664 WANARP - ok
    18:24:11.0262 0664 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    18:24:11.0263 0664 Wanarpv6 - ok
    18:24:11.0411 0664 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    18:24:11.0441 0664 WatAdminSvc - ok
    18:24:11.0505 0664 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    18:24:11.0544 0664 wbengine - ok
    18:24:11.0606 0664 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    18:24:11.0610 0664 WbioSrvc - ok
    18:24:11.0662 0664 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    18:24:11.0667 0664 wcncsvc - ok
    18:24:11.0711 0664 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    18:24:11.0713 0664 WcsPlugInService - ok
    18:24:11.0818 0664 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    18:24:11.0819 0664 Wd - ok
    18:24:11.0851 0664 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    18:24:11.0858 0664 Wdf01000 - ok
    18:24:11.0884 0664 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    18:24:11.0887 0664 WdiServiceHost - ok
    18:24:11.0899 0664 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    18:24:11.0901 0664 WdiSystemHost - ok
    18:24:11.0940 0664 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    18:24:11.0944 0664 WebClient - ok
    18:24:11.0976 0664 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    18:24:11.0980 0664 Wecsvc - ok
    18:24:12.0011 0664 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    18:24:12.0013 0664 wercplsupport - ok
    18:24:12.0046 0664 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    18:24:12.0049 0664 WerSvc - ok
    18:24:12.0062 0664 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    18:24:12.0063 0664 WfpLwf - ok
    18:24:12.0081 0664 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    18:24:12.0082 0664 WIMMount - ok
    18:24:12.0092 0664 WinHttpAutoProxySvc - ok
    18:24:12.0157 0664 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    18:24:12.0160 0664 Winmgmt - ok
    18:24:12.0257 0664 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    18:24:12.0321 0664 WinRM - ok
    18:24:12.0447 0664 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    18:24:12.0448 0664 WinUsb - ok
    18:24:12.0541 0664 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    18:24:12.0566 0664 Wlansvc - ok
    18:24:12.0715 0664 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    18:24:12.0761 0664 wlidsvc - ok
    18:24:12.0806 0664 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    18:24:12.0807 0664 WmiAcpi - ok
    18:24:12.0854 0664 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    18:24:12.0870 0664 wmiApSrv - ok
    18:24:12.0918 0664 WMPNetworkSvc - ok
    18:24:12.0963 0664 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    18:24:12.0965 0664 WPCSvc - ok
    18:24:13.0012 0664 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    18:24:13.0015 0664 WPDBusEnum - ok
    18:24:13.0058 0664 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    18:24:13.0059 0664 ws2ifsl - ok
    18:24:13.0091 0664 WSearch - ok
    18:24:13.0216 0664 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    18:24:13.0265 0664 wuauserv - ok
    18:24:13.0310 0664 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    18:24:13.0312 0664 WudfPf - ok
    18:24:13.0428 0664 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:24:13.0448 0664 WUDFRd - ok
    18:24:13.0494 0664 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    18:24:13.0496 0664 wudfsvc - ok
    18:24:13.0532 0664 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    18:24:13.0683 0664 WwanSvc - ok
    18:24:13.0755 0664 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
    18:24:13.0792 0664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    18:24:13.0792 0664 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    18:24:13.0820 0664 Boot (0x1200) (64d62d7edf746ce3c8ec88750a07cfc6) \Device\Harddisk0\DR0\Partition0
    18:24:13.0821 0664 \Device\Harddisk0\DR0\Partition0 - ok
    18:24:13.0855 0664 Boot (0x1200) (837166823f8125234e9447aedcc86f9b) \Device\Harddisk0\DR0\Partition1
    18:24:13.0856 0664 \Device\Harddisk0\DR0\Partition1 - ok
    18:24:13.0857 0664 ============================================================
    18:24:13.0857 0664 Scan finished
    18:24:13.0857 0664 ============================================================
    18:24:13.0874 1704 Detected object count: 1
    18:24:13.0874 1704 Actual detected object count: 1
    18:26:00.0845 1704 \Device\Harddisk0\DR0\# - copied to quarantine
    18:26:00.0845 1704 \Device\Harddisk0\DR0 - copied to quarantine
    18:26:00.0873 1704 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    18:26:00.0874 1704 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    18:26:00.0877 1704 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    18:26:00.0882 1704 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    18:26:00.0893 1704 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    18:26:00.0899 1704 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    18:26:00.0900 1704 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    18:26:00.0901 1704 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    18:26:00.0902 1704 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    18:26:00.0904 1704 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    18:26:00.0906 1704 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    18:26:00.0907 1704 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    18:26:00.0940 1704 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    18:26:00.0941 1704 \Device\Harddisk0\DR0 - ok
    18:26:00.0989 1704 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    18:26:16.0092 2464 Deinitialize success
     
  18. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Re-run the tool one more time.
     
  19. mmcook

    mmcook TS Rookie Topic Starter Posts: 75

    (part 1)

    21:52:43.0548 0580 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    21:52:45.0560 0580 ============================================================
    21:52:45.0560 0580 Current date / time: 2012/04/13 21:52:45.0560
    21:52:45.0560 0580 SystemInfo:
    21:52:45.0560 0580
    21:52:45.0560 0580 OS Version: 6.1.7601 ServicePack: 1.0
    21:52:45.0560 0580 Product type: Workstation
    21:52:45.0560 0580 ComputerName: COOK-HOME
    21:52:45.0560 0580 UserName: mmcook
    21:52:45.0560 0580 Windows directory: C:\Windows
    21:52:45.0560 0580 System windows directory: C:\Windows
    21:52:45.0560 0580 Running under WOW64
    21:52:45.0560 0580 Processor architecture: Intel x64
    21:52:45.0560 0580 Number of processors: 2
    21:52:45.0560 0580 Page size: 0x1000
    21:52:45.0560 0580 Boot type: Safe boot with network
    21:52:45.0560 0580 ============================================================
    21:52:51.0863 0580 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:52:51.0878 0580 \Device\Harddisk0\DR0:
    21:52:51.0878 0580 MBR used
    21:52:51.0878 0580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0xF77000
    21:52:51.0878 0580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF92800, BlocksNum 0x498C5000
    21:52:51.0909 0580 Initialize success
    21:52:51.0909 0580 ============================================================
    21:52:54.0452 1240 ============================================================
    21:52:54.0452 1240 Scan started
    21:52:54.0452 1240 Mode: Manual;
    21:52:54.0452 1240 ============================================================
    21:52:55.0139 1240 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    21:52:55.0139 1240 1394ohci - ok
    21:52:55.0279 1240 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    21:52:55.0295 1240 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
    21:52:55.0357 1240 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    21:52:55.0357 1240 ACPI - ok
    21:52:55.0388 1240 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    21:52:55.0388 1240 AcpiPmi - ok
    21:52:55.0466 1240 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    21:52:55.0482 1240 adp94xx - ok
    21:52:55.0497 1240 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    21:52:55.0497 1240 adpahci - ok
    21:52:55.0497 1240 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    21:52:55.0513 1240 adpu320 - ok
    21:52:55.0544 1240 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    21:52:55.0560 1240 AeLookupSvc - ok
    21:52:55.0653 1240 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    21:52:55.0653 1240 AERTFilters - ok
    21:52:55.0747 1240 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    21:52:55.0747 1240 AFD - ok
    21:52:55.0778 1240 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    21:52:55.0778 1240 agp440 - ok
    21:52:55.0825 1240 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    21:52:55.0825 1240 ALG - ok
    21:52:55.0856 1240 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    21:52:55.0856 1240 aliide - ok
    21:52:55.0872 1240 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    21:52:55.0872 1240 amdide - ok
    21:52:55.0887 1240 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    21:52:55.0887 1240 AmdK8 - ok
    21:52:55.0903 1240 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    21:52:55.0903 1240 AmdPPM - ok
    21:52:55.0950 1240 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    21:52:55.0950 1240 amdsata - ok
    21:52:55.0997 1240 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    21:52:56.0012 1240 amdsbs - ok
    21:52:56.0043 1240 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    21:52:56.0043 1240 amdxata - ok
    21:52:56.0090 1240 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    21:52:56.0090 1240 AppID - ok
    21:52:56.0106 1240 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    21:52:56.0106 1240 AppIDSvc - ok
    21:52:56.0153 1240 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    21:52:56.0153 1240 Appinfo - ok
    21:52:56.0293 1240 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    21:52:56.0293 1240 Apple Mobile Device - ok
    21:52:56.0309 1240 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    21:52:56.0309 1240 arc - ok
    21:52:56.0324 1240 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    21:52:56.0324 1240 arcsas - ok
    21:52:56.0340 1240 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    21:52:56.0340 1240 AsyncMac - ok
    21:52:56.0371 1240 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    21:52:56.0371 1240 atapi - ok
    21:52:56.0433 1240 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    21:52:56.0433 1240 AudioEndpointBuilder - ok
    21:52:56.0480 1240 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    21:52:56.0480 1240 AudioSrv - ok
    21:52:56.0574 1240 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    21:52:56.0574 1240 AxInstSV - ok
    21:52:56.0621 1240 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    21:52:56.0621 1240 b06bdrv - ok
    21:52:56.0652 1240 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    21:52:56.0652 1240 b57nd60a - ok
    21:52:56.0730 1240 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    21:52:56.0730 1240 BBSvc - ok
    21:52:56.0777 1240 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    21:52:56.0777 1240 BDESVC - ok
    21:52:56.0808 1240 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    21:52:56.0808 1240 Beep - ok
    21:52:56.0855 1240 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    21:52:56.0870 1240 BITS - ok
    21:52:56.0886 1240 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    21:52:56.0886 1240 blbdrive - ok
    21:52:56.0995 1240 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    21:52:56.0995 1240 Bonjour Service - ok
    21:52:57.0042 1240 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    21:52:57.0042 1240 bowser - ok
    21:52:57.0073 1240 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    21:52:57.0073 1240 BrFiltLo - ok
    21:52:57.0089 1240 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    21:52:57.0089 1240 BrFiltUp - ok
    21:52:57.0135 1240 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    21:52:57.0135 1240 Browser - ok
    21:52:57.0151 1240 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    21:52:57.0151 1240 Brserid - ok
    21:52:57.0151 1240 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    21:52:57.0151 1240 BrSerWdm - ok
    21:52:57.0167 1240 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    21:52:57.0167 1240 BrUsbMdm - ok
    21:52:57.0182 1240 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    21:52:57.0182 1240 BrUsbSer - ok
    21:52:57.0260 1240 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
    21:52:57.0260 1240 BthEnum - ok
    21:52:57.0291 1240 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    21:52:57.0291 1240 BTHMODEM - ok
    21:52:57.0354 1240 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    21:52:57.0354 1240 BthPan - ok
    21:52:57.0432 1240 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
    21:52:57.0432 1240 BTHPORT - ok
    21:52:57.0463 1240 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    21:52:57.0463 1240 bthserv - ok
    21:52:57.0510 1240 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
    21:52:57.0510 1240 BTHUSB - ok
    21:52:57.0572 1240 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
    21:52:57.0572 1240 BVRPMPR5a64 - ok
    21:52:57.0697 1240 ccEvtMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    21:52:57.0697 1240 ccEvtMgr - ok
    21:52:57.0713 1240 ccSetMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    21:52:57.0713 1240 ccSetMgr - ok
    21:52:57.0759 1240 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    21:52:57.0759 1240 cdfs - ok
    21:52:57.0837 1240 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    21:52:57.0837 1240 cdrom - ok
    21:52:57.0900 1240 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    21:52:57.0915 1240 CertPropSvc - ok
    21:52:57.0915 1240 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    21:52:57.0915 1240 circlass - ok
    21:52:57.0962 1240 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    21:52:57.0962 1240 CLFS - ok
    21:52:58.0056 1240 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:52:58.0056 1240 clr_optimization_v2.0.50727_32 - ok
    21:52:58.0103 1240 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    21:52:58.0103 1240 clr_optimization_v2.0.50727_64 - ok
    21:52:58.0196 1240 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    21:52:58.0196 1240 clr_optimization_v4.0.30319_32 - ok
    21:52:58.0305 1240 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    21:52:58.0305 1240 clr_optimization_v4.0.30319_64 - ok
    21:52:58.0321 1240 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    21:52:58.0321 1240 CmBatt - ok
    21:52:58.0352 1240 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    21:52:58.0352 1240 cmdide - ok
    21:52:58.0399 1240 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    21:52:58.0399 1240 CNG - ok
    21:52:58.0415 1240 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    21:52:58.0415 1240 Compbatt - ok
    21:52:58.0477 1240 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    21:52:58.0477 1240 CompositeBus - ok
    21:52:58.0493 1240 COMSysApp - ok
    21:52:58.0508 1240 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    21:52:58.0508 1240 crcdisk - ok
    21:52:58.0586 1240 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
    21:52:58.0586 1240 CryptSvc - ok
    21:52:58.0664 1240 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
    21:52:58.0664 1240 ctxusbm - ok
    21:52:58.0820 1240 CwAltaService20 (b183a2b73a702d4516ff262961f171d6) C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe
    21:52:58.0836 1240 CwAltaService20 - ok
    21:52:58.0867 1240 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    21:52:58.0883 1240 DcomLaunch - ok
    21:52:58.0961 1240 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    21:52:58.0961 1240 defragsvc - ok
    21:52:59.0023 1240 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    21:52:59.0023 1240 DfsC - ok
    21:52:59.0085 1240 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    21:52:59.0085 1240 Dhcp - ok
    21:52:59.0117 1240 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    21:52:59.0117 1240 discache - ok
    21:52:59.0163 1240 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    21:52:59.0163 1240 Disk - ok
    21:52:59.0210 1240 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    21:52:59.0210 1240 Dnscache - ok
    21:52:59.0319 1240 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
    21:52:59.0319 1240 DockLoginService - ok
    21:52:59.0366 1240 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    21:52:59.0366 1240 dot3svc - ok
    21:52:59.0413 1240 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    21:52:59.0413 1240 DPS - ok
    21:52:59.0475 1240 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    21:52:59.0475 1240 drmkaud - ok
    21:52:59.0522 1240 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    21:52:59.0538 1240 DXGKrnl - ok
    21:52:59.0585 1240 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    21:52:59.0585 1240 EapHost - ok
    21:52:59.0663 1240 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    21:52:59.0678 1240 ebdrv - ok
    21:52:59.0803 1240 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    21:52:59.0803 1240 eeCtrl - ok
    21:52:59.0834 1240 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    21:52:59.0834 1240 EFS - ok
    21:52:59.0943 1240 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    21:52:59.0959 1240 ehRecvr - ok
    21:52:59.0975 1240 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    21:52:59.0975 1240 ehSched - ok
    21:53:00.0021 1240 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    21:53:00.0037 1240 elxstor - ok
    21:53:00.0146 1240 EPSON_EB_RPCV4_04 (7db097f4f6786307168c0dddec43a565) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    21:53:00.0146 1240 EPSON_EB_RPCV4_04 - ok
    21:53:00.0193 1240 EPSON_PM_RPCV4_04 (258aa65a0862e19b7de6981fda3758ad) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    21:53:00.0193 1240 EPSON_PM_RPCV4_04 - ok
    21:53:00.0240 1240 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    21:53:00.0240 1240 ErrDev - ok
    21:53:00.0287 1240 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    21:53:00.0287 1240 EventSystem - ok
    21:53:00.0334 1240 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    21:53:00.0334 1240 exfat - ok
    21:53:00.0349 1240 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    21:53:00.0349 1240 fastfat - ok
    21:53:00.0427 1240 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    21:53:00.0427 1240 Fax - ok
    21:53:00.0443 1240 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    21:53:00.0443 1240 fdc - ok
    21:53:00.0474 1240 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    21:53:00.0474 1240 fdPHost - ok
    21:53:00.0505 1240 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    21:53:00.0505 1240 FDResPub - ok
    21:53:00.0521 1240 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    21:53:00.0521 1240 FileInfo - ok
    21:53:00.0521 1240 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    21:53:00.0521 1240 Filetrace - ok
    21:53:00.0630 1240 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    21:53:00.0630 1240 FLEXnet Licensing Service - ok
    21:53:00.0646 1240 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    21:53:00.0646 1240 flpydisk - ok
    21:53:00.0677 1240 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    21:53:00.0677 1240 FltMgr - ok
    21:53:00.0739 1240 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    21:53:00.0755 1240 FontCache - ok
    21:53:00.0833 1240 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    21:53:00.0833 1240 FontCache3.0.0.0 - ok
    21:53:00.0989 1240 FreeAgentGoNext Service (07af7870abf051ebbae8a8a92ff34abe) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    21:53:00.0989 1240 FreeAgentGoNext Service - ok
    21:53:01.0020 1240 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    21:53:01.0020 1240 FsDepends - ok
    21:53:01.0098 1240 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
    21:53:01.0098 1240 fssfltr - ok
    21:53:01.0192 1240 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    21:53:01.0192 1240 fsssvc - ok
    21:53:01.0254 1240 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    21:53:01.0254 1240 Fs_Rec - ok
    21:53:01.0316 1240 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    21:53:01.0316 1240 fvevol - ok
    21:53:01.0348 1240 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    21:53:01.0348 1240 gagp30kx - ok
    21:53:01.0394 1240 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:53:01.0394 1240 GEARAspiWDM - ok
    21:53:01.0504 1240 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    21:53:01.0504 1240 GoToAssist - ok
    21:53:01.0550 1240 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    21:53:01.0550 1240 gpsvc - ok
    21:53:01.0582 1240 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    21:53:01.0582 1240 hcw85cir - ok
    21:53:01.0628 1240 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    21:53:01.0628 1240 HdAudAddService - ok
    21:53:01.0691 1240 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    21:53:01.0691 1240 HDAudBus - ok
    21:53:01.0706 1240 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    21:53:01.0706 1240 HidBatt - ok
    21:53:01.0722 1240 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    21:53:01.0722 1240 HidBth - ok
    21:53:01.0738 1240 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    21:53:01.0738 1240 HidIr - ok
    21:53:01.0769 1240 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    21:53:01.0769 1240 hidserv - ok
    21:53:01.0847 1240 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    21:53:01.0847 1240 HidUsb - ok
    21:53:01.0878 1240 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    21:53:01.0878 1240 hkmsvc - ok
    21:53:01.0909 1240 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    21:53:01.0925 1240 HomeGroupListener - ok
    21:53:01.0956 1240 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    21:53:01.0956 1240 HomeGroupProvider - ok
    21:53:02.0018 1240 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    21:53:02.0018 1240 HpSAMD - ok
    21:53:02.0096 1240 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    21:53:02.0096 1240 HTTP - ok
    21:53:02.0143 1240 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    21:53:02.0143 1240 hwpolicy - ok
    21:53:02.0206 1240 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    21:53:02.0206 1240 i8042prt - ok
    21:53:02.0237 1240 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    21:53:02.0237 1240 iaStorV - ok
    21:53:02.0362 1240 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    21:53:02.0362 1240 IDriverT - ok
    21:53:02.0455 1240 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    21:53:02.0455 1240 idsvc - ok
    21:53:02.0611 1240 igfx (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys
    21:53:02.0642 1240 igfx - ok
    21:53:02.0689 1240 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    21:53:02.0689 1240 iirsp - ok
    21:53:02.0752 1240 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    21:53:02.0767 1240 IKEEXT - ok
    21:53:02.0861 1240 IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
    21:53:02.0876 1240 IntcAzAudAddService - ok
    21:53:02.0923 1240 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    21:53:02.0923 1240 intelide - ok
    21:53:02.0939 1240 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    21:53:02.0939 1240 intelppm - ok
    21:53:02.0970 1240 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    21:53:02.0970 1240 IPBusEnum - ok
    21:53:03.0017 1240 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:53:03.0017 1240 IpFilterDriver - ok
    21:53:03.0064 1240 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    21:53:03.0064 1240 IPMIDRV - ok
    21:53:03.0079 1240 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    21:53:03.0079 1240 IPNAT - ok
    21:53:03.0188 1240 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
    21:53:03.0188 1240 iPod Service - ok
    21:53:03.0235 1240 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    21:53:03.0235 1240 IRENUM - ok
    21:53:03.0266 1240 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    21:53:03.0266 1240 isapnp - ok
    21:53:03.0313 1240 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    21:53:03.0313 1240 iScsiPrt - ok
    21:53:03.0360 1240 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    21:53:03.0360 1240 kbdclass - ok
    21:53:03.0422 1240 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    21:53:03.0422 1240 kbdhid - ok
    21:53:03.0469 1240 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:53:03.0469 1240 KeyIso - ok
    21:53:03.0516 1240 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    21:53:03.0516 1240 KSecDD - ok
    21:53:03.0547 1240 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    21:53:03.0547 1240 KSecPkg - ok
    21:53:03.0563 1240 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    21:53:03.0563 1240 ksthunk - ok
    21:53:03.0641 1240 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    21:53:03.0641 1240 KtmRm - ok
    21:53:03.0719 1240 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    21:53:03.0719 1240 LanmanServer - ok
    21:53:03.0766 1240 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    21:53:03.0766 1240 LanmanWorkstation - ok
    21:53:03.0953 1240 LiveUpdate (e34152d03caaaaa81dd66d803f392522) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
    21:53:03.0968 1240 LiveUpdate - ok
    21:53:04.0000 1240 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    21:53:04.0000 1240 lltdio - ok
    21:53:04.0062 1240 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    21:53:04.0062 1240 lltdsvc - ok
    21:53:04.0093 1240 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    21:53:04.0093 1240 lmhosts - ok
    21:53:04.0109 1240 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    21:53:04.0109 1240 LSI_FC - ok
    21:53:04.0140 1240 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    21:53:04.0140 1240 LSI_SAS - ok
    21:53:04.0156 1240 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    21:53:04.0156 1240 LSI_SAS2 - ok
    21:53:04.0171 1240 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    21:53:04.0171 1240 LSI_SCSI - ok
    21:53:04.0202 1240 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    21:53:04.0202 1240 luafv - ok
    21:53:04.0312 1240 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    21:53:04.0312 1240 McciCMService - ok
    21:53:04.0405 1240 McciCMService64 (859e5a32485178daeca06b52e2bb44b2) C:\Program Files\Common Files\Motive\McciCMService.exe
    21:53:04.0405 1240 McciCMService64 - ok
    21:53:04.0452 1240 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    21:53:04.0468 1240 Mcx2Svc - ok
    21:53:04.0468 1240 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    21:53:04.0468 1240 megasas - ok
    21:53:04.0514 1240 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    21:53:04.0514 1240 MegaSR - ok
    21:53:04.0608 1240 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    21:53:04.0608 1240 Microsoft Office Groove Audit Service - ok
    21:53:04.0655 1240 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    21:53:04.0655 1240 MMCSS - ok
    21:53:04.0655 1240 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    21:53:04.0670 1240 Modem - ok
    21:53:04.0733 1240 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    21:53:04.0733 1240 monitor - ok
    21:53:04.0780 1240 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    21:53:04.0780 1240 mouclass - ok
    21:53:04.0842 1240 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    21:53:04.0842 1240 mouhid - ok
    21:53:04.0889 1240 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    21:53:04.0889 1240 mountmgr - ok
    21:53:04.0920 1240 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    21:53:04.0920 1240 mpio - ok
    21:53:04.0951 1240 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    21:53:04.0951 1240 mpsdrv - ok
    21:53:05.0029 1240 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
    21:53:05.0029 1240 MREMP50 - ok
    21:53:05.0123 1240 MREMP50a64 - ok
    21:53:05.0138 1240 MREMPR5 - ok
    21:53:05.0138 1240 MRENDIS5 - ok
    21:53:05.0154 1240 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
    21:53:05.0154 1240 MRESP50 - ok
    21:53:05.0185 1240 MRESP50a64 - ok
    21:53:05.0232 1240 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    21:53:05.0232 1240 MRxDAV - ok
    21:53:05.0263 1240 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:53:05.0263 1240 mrxsmb - ok
    21:53:05.0326 1240 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:53:05.0326 1240 mrxsmb10 - ok
    21:53:05.0341 1240 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:53:05.0341 1240 mrxsmb20 - ok
    21:53:05.0404 1240 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    21:53:05.0404 1240 msahci - ok
    21:53:05.0435 1240 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    21:53:05.0435 1240 msdsm - ok
    21:53:05.0466 1240 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    21:53:05.0466 1240 MSDTC - ok
    21:53:05.0513 1240 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    21:53:05.0513 1240 Msfs - ok
    21:53:05.0528 1240 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    21:53:05.0528 1240 mshidkmdf - ok
    21:53:05.0560 1240 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    21:53:05.0560 1240 msisadrv - ok
    21:53:05.0622 1240 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    21:53:05.0622 1240 MSiSCSI - ok
    21:53:05.0638 1240 msiserver - ok
    21:53:05.0669 1240 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    21:53:05.0669 1240 MSKSSRV - ok
    21:53:05.0684 1240 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:53:05.0684 1240 MSPCLOCK - ok
    21:53:05.0700 1240 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    21:53:05.0700 1240 MSPQM - ok
    21:53:05.0747 1240 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    21:53:05.0747 1240 MsRPC - ok
    21:53:05.0794 1240 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    21:53:05.0794 1240 mssmbios - ok
    21:53:05.0809 1240 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    21:53:05.0809 1240 MSTEE - ok
    21:53:05.0825 1240 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    21:53:05.0825 1240 MTConfig - ok
    21:53:05.0856 1240 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    21:53:05.0856 1240 Mup - ok
    21:53:05.0903 1240 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    21:53:05.0903 1240 napagent - ok
    21:53:05.0950 1240 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    21:53:05.0950 1240 NativeWifiP - ok
    21:53:06.0106 1240 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120327.008\ENG64.SYS
    21:53:06.0106 1240 NAVENG - ok
    21:53:06.0168 1240 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120327.008\EX64.SYS
    21:53:06.0184 1240 NAVEX15 - ok
    21:53:06.0246 1240 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    21:53:06.0246 1240 NDIS - ok
    21:53:06.0277 1240 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    21:53:06.0277 1240 NdisCap - ok
    21:53:06.0340 1240 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    21:53:06.0340 1240 NdisTapi - ok
    21:53:06.0371 1240 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    21:53:06.0371 1240 Ndisuio - ok
    21:53:06.0433 1240 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    21:53:06.0433 1240 NdisWan - ok
    21:53:06.0480 1240 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    21:53:06.0480 1240 NDProxy - ok
    21:53:06.0511 1240 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    21:53:06.0511 1240 NetBIOS - ok
    21:53:06.0589 1240 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    21:53:06.0589 1240 NetBT - ok
    21:53:06.0636 1240 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:53:06.0636 1240 Netlogon - ok
    21:53:06.0698 1240 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    21:53:06.0698 1240 Netman - ok
    21:53:06.0730 1240 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    21:53:06.0730 1240 netprofm - ok
    21:53:06.0823 1240 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    21:53:06.0823 1240 NetTcpPortSharing - ok
    21:53:06.0839 1240 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    21:53:06.0839 1240 nfrd960 - ok
    21:53:06.0886 1240 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    21:53:06.0901 1240 NlaSvc - ok
    21:53:07.0026 1240 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    21:53:07.0026 1240 nmservice - ok
    21:53:07.0042 1240 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    21:53:07.0042 1240 Npfs - ok
    21:53:07.0073 1240 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    21:53:07.0073 1240 nsi - ok
    21:53:07.0088 1240 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
     
  20. mmcook

    mmcook TS Rookie Topic Starter Posts: 75

    (part 2)

    21:53:07.0088 1240 nsiproxy - ok
    21:53:07.0151 1240 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    21:53:07.0151 1240 Ntfs - ok
    21:53:07.0166 1240 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    21:53:07.0166 1240 Null - ok
    21:53:07.0244 1240 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    21:53:07.0244 1240 nvraid - ok
    21:53:07.0276 1240 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    21:53:07.0291 1240 nvstor - ok
    21:53:07.0307 1240 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    21:53:07.0307 1240 nv_agp - ok
    21:53:07.0369 1240 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    21:53:07.0385 1240 odserv - ok
    21:53:07.0416 1240 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    21:53:07.0416 1240 ohci1394 - ok
    21:53:07.0510 1240 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    21:53:07.0510 1240 ose - ok
    21:53:07.0541 1240 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    21:53:07.0541 1240 p2pimsvc - ok
    21:53:07.0588 1240 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    21:53:07.0588 1240 p2psvc - ok
    21:53:07.0603 1240 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    21:53:07.0603 1240 Parport - ok
    21:53:07.0650 1240 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    21:53:07.0650 1240 partmgr - ok
    21:53:07.0650 1240 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    21:53:07.0650 1240 PcaSvc - ok
    21:53:07.0681 1240 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    21:53:07.0681 1240 pci - ok
    21:53:07.0697 1240 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    21:53:07.0697 1240 pciide - ok
    21:53:07.0697 1240 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    21:53:07.0712 1240 pcmcia - ok
    21:53:07.0712 1240 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    21:53:07.0712 1240 pcw - ok
    21:53:07.0759 1240 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    21:53:07.0759 1240 PEAUTH - ok
    21:53:07.0884 1240 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    21:53:07.0884 1240 PerfHost - ok
    21:53:07.0946 1240 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    21:53:07.0946 1240 pla - ok
    21:53:08.0024 1240 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    21:53:08.0024 1240 PlugPlay - ok
    21:53:08.0118 1240 Pml Driver HPZ12 (64ca1485214340cacc315ffdfded73ef) C:\Windows\system32\HPZipm12.dll
    21:53:08.0118 1240 Pml Driver HPZ12 - ok
    21:53:08.0196 1240 pnarp (fb83b6c62dff5abe36304351d2bed581) C:\Windows\system32\DRIVERS\pnarp.sys
    21:53:08.0196 1240 pnarp - ok
    21:53:08.0243 1240 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    21:53:08.0243 1240 PNRPAutoReg - ok
    21:53:08.0258 1240 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    21:53:08.0258 1240 PNRPsvc - ok
    21:53:08.0290 1240 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    21:53:08.0290 1240 PolicyAgent - ok
    21:53:08.0336 1240 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    21:53:08.0352 1240 Power - ok
    21:53:08.0399 1240 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    21:53:08.0399 1240 PptpMiniport - ok
    21:53:08.0461 1240 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    21:53:08.0461 1240 Processor - ok
    21:53:08.0492 1240 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
    21:53:08.0492 1240 ProfSvc - ok
    21:53:08.0524 1240 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:53:08.0524 1240 ProtectedStorage - ok
    21:53:08.0602 1240 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    21:53:08.0602 1240 Psched - ok
    21:53:08.0664 1240 purendis (1b3434642ce3c26e6f24d3a76d749c2a) C:\Windows\system32\DRIVERS\purendis.sys
    21:53:08.0664 1240 purendis - ok
    21:53:08.0695 1240 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
    21:53:08.0695 1240 PxHlpa64 - ok
    21:53:08.0758 1240 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    21:53:08.0758 1240 ql2300 - ok
    21:53:08.0773 1240 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    21:53:08.0773 1240 ql40xx - ok
    21:53:08.0789 1240 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    21:53:08.0789 1240 QWAVE - ok
    21:53:08.0804 1240 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    21:53:08.0804 1240 QWAVEdrv - ok
    21:53:08.0820 1240 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    21:53:08.0820 1240 RasAcd - ok
    21:53:08.0867 1240 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    21:53:08.0867 1240 RasAgileVpn - ok
    21:53:08.0882 1240 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    21:53:08.0882 1240 RasAuto - ok
    21:53:08.0914 1240 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:53:08.0914 1240 Rasl2tp - ok
    21:53:08.0992 1240 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    21:53:08.0992 1240 RasMan - ok
    21:53:09.0023 1240 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    21:53:09.0023 1240 RasPppoe - ok
    21:53:09.0070 1240 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    21:53:09.0070 1240 RasSstp - ok
    21:53:09.0116 1240 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    21:53:09.0116 1240 rdbss - ok
    21:53:09.0132 1240 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    21:53:09.0132 1240 rdpbus - ok
    21:53:09.0148 1240 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:53:09.0148 1240 RDPCDD - ok
    21:53:09.0210 1240 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    21:53:09.0210 1240 RDPENCDD - ok
    21:53:09.0226 1240 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    21:53:09.0226 1240 RDPREFMP - ok
    21:53:09.0241 1240 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
    21:53:09.0241 1240 RDPWD - ok
    21:53:09.0288 1240 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    21:53:09.0288 1240 rdyboost - ok
    21:53:09.0366 1240 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    21:53:09.0366 1240 RemoteAccess - ok
    21:53:09.0397 1240 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    21:53:09.0397 1240 RemoteRegistry - ok
    21:53:09.0460 1240 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    21:53:09.0460 1240 RFCOMM - ok
    21:53:09.0475 1240 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    21:53:09.0491 1240 RpcEptMapper - ok
    21:53:09.0522 1240 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    21:53:09.0538 1240 RpcLocator - ok
    21:53:09.0569 1240 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    21:53:09.0569 1240 RpcSs - ok
    21:53:09.0584 1240 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    21:53:09.0584 1240 rspndr - ok
    21:53:09.0678 1240 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
    21:53:09.0678 1240 RTL8167 - ok
    21:53:09.0709 1240 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:53:09.0709 1240 SamSs - ok
    21:53:09.0756 1240 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    21:53:09.0756 1240 sbp2port - ok
    21:53:09.0787 1240 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    21:53:09.0803 1240 SCardSvr - ok
    21:53:09.0834 1240 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    21:53:09.0834 1240 scfilter - ok
    21:53:09.0896 1240 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    21:53:09.0896 1240 Schedule - ok
    21:53:09.0943 1240 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    21:53:09.0943 1240 SCPolicySvc - ok
    21:53:09.0959 1240 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    21:53:09.0959 1240 SDRSVC - ok
    21:53:10.0068 1240 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    21:53:10.0068 1240 SeaPort - ok
    21:53:10.0130 1240 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    21:53:10.0130 1240 secdrv - ok
    21:53:10.0162 1240 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    21:53:10.0162 1240 seclogon - ok
    21:53:10.0193 1240 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    21:53:10.0208 1240 SENS - ok
    21:53:10.0208 1240 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    21:53:10.0208 1240 SensrSvc - ok
    21:53:10.0224 1240 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    21:53:10.0224 1240 Serenum - ok
    21:53:10.0255 1240 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    21:53:10.0255 1240 Serial - ok
    21:53:10.0286 1240 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    21:53:10.0286 1240 sermouse - ok
    21:53:10.0349 1240 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    21:53:10.0349 1240 SessionEnv - ok
    21:53:10.0396 1240 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    21:53:10.0396 1240 sffdisk - ok
    21:53:10.0411 1240 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    21:53:10.0411 1240 sffp_mmc - ok
    21:53:10.0442 1240 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    21:53:10.0442 1240 sffp_sd - ok
    21:53:10.0458 1240 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    21:53:10.0458 1240 sfloppy - ok
    21:53:10.0520 1240 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    21:53:10.0520 1240 SharedAccess - ok
    21:53:10.0567 1240 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    21:53:10.0567 1240 ShellHWDetection - ok
    21:53:10.0583 1240 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    21:53:10.0583 1240 SiSRaid2 - ok
    21:53:10.0598 1240 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    21:53:10.0598 1240 SiSRaid4 - ok
    21:53:10.0630 1240 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    21:53:10.0630 1240 Smb - ok
    21:53:10.0770 1240 SmcService (ad97b711074cf27da0c00f2c26e1a62c) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    21:53:10.0786 1240 SmcService - ok
    21:53:10.0848 1240 SNAC (91bd8e268d93aaf5f59aac9de84a25bb) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
    21:53:10.0848 1240 SNAC - ok
    21:53:10.0926 1240 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    21:53:10.0926 1240 SNMPTRAP - ok
    21:53:10.0926 1240 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    21:53:10.0942 1240 spldr - ok
    21:53:10.0973 1240 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    21:53:10.0973 1240 Spooler - ok
    21:53:11.0066 1240 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    21:53:11.0098 1240 sppsvc - ok
    21:53:11.0113 1240 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    21:53:11.0129 1240 sppuinotify - ok
    21:53:11.0176 1240 SRTSP (32900ac9cfdc578531279886ca16a4df) C:\Windows\system32\Drivers\SRTSP64.SYS
    21:53:11.0176 1240 SRTSP - ok
    21:53:11.0207 1240 SRTSPL (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS
    21:53:11.0207 1240 SRTSPL - ok
    21:53:11.0222 1240 SRTSPX (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS
    21:53:11.0222 1240 SRTSPX - ok
    21:53:11.0269 1240 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    21:53:11.0269 1240 srv - ok
    21:53:11.0316 1240 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    21:53:11.0332 1240 srv2 - ok
    21:53:11.0347 1240 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    21:53:11.0347 1240 srvnet - ok
    21:53:11.0410 1240 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    21:53:11.0410 1240 SSDPSRV - ok
    21:53:11.0441 1240 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    21:53:11.0441 1240 SstpSvc - ok
    21:53:11.0503 1240 Steam Client Service - ok
    21:53:11.0519 1240 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    21:53:11.0519 1240 stexstor - ok
    21:53:11.0581 1240 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    21:53:11.0581 1240 stisvc - ok
    21:53:11.0628 1240 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    21:53:11.0628 1240 swenum - ok
    21:53:11.0659 1240 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    21:53:11.0659 1240 swprv - ok
    21:53:11.0753 1240 Symantec AntiVirus (ba2fb8f8ab24d0279caa98a4c118150e) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    21:53:11.0768 1240 Symantec AntiVirus - ok
    21:53:11.0831 1240 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    21:53:11.0831 1240 SymEvent - ok
    21:53:11.0909 1240 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    21:53:11.0909 1240 SysMain - ok
    21:53:11.0956 1240 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    21:53:11.0956 1240 TabletInputService - ok
    21:53:12.0002 1240 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    21:53:12.0002 1240 TapiSrv - ok
    21:53:12.0034 1240 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    21:53:12.0034 1240 TBS - ok
    21:53:12.0127 1240 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    21:53:12.0127 1240 Tcpip - ok
    21:53:12.0205 1240 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    21:53:12.0221 1240 TCPIP6 - ok
    21:53:12.0236 1240 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    21:53:12.0236 1240 tcpipreg - ok
    21:53:12.0314 1240 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    21:53:12.0314 1240 TDPIPE - ok
    21:53:12.0314 1240 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    21:53:12.0314 1240 TDTCP - ok
    21:53:12.0361 1240 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    21:53:12.0361 1240 tdx - ok
    21:53:12.0408 1240 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    21:53:12.0408 1240 TermDD - ok
    21:53:12.0439 1240 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    21:53:12.0439 1240 TermService - ok
    21:53:12.0470 1240 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    21:53:12.0470 1240 Themes - ok
    21:53:12.0502 1240 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    21:53:12.0517 1240 THREADORDER - ok
    21:53:12.0517 1240 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    21:53:12.0517 1240 TrkWks - ok
    21:53:12.0580 1240 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    21:53:12.0580 1240 TrustedInstaller - ok
    21:53:12.0626 1240 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:53:12.0626 1240 tssecsrv - ok
    21:53:12.0689 1240 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    21:53:12.0704 1240 TsUsbFlt - ok
    21:53:12.0767 1240 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    21:53:12.0767 1240 tunnel - ok
    21:53:12.0782 1240 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    21:53:12.0782 1240 uagp35 - ok
    21:53:12.0829 1240 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    21:53:12.0829 1240 udfs - ok
    21:53:12.0860 1240 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    21:53:12.0876 1240 UI0Detect - ok
    21:53:12.0892 1240 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    21:53:12.0892 1240 uliagpkx - ok
    21:53:12.0970 1240 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    21:53:12.0970 1240 umbus - ok
    21:53:12.0970 1240 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    21:53:12.0985 1240 UmPass - ok
    21:53:13.0016 1240 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    21:53:13.0016 1240 upnphost - ok
    21:53:13.0079 1240 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    21:53:13.0079 1240 USBAAPL64 - ok
    21:53:13.0110 1240 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:53:13.0110 1240 usbccgp - ok
    21:53:13.0157 1240 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    21:53:13.0157 1240 usbcir - ok
    21:53:13.0188 1240 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    21:53:13.0188 1240 usbehci - ok
    21:53:13.0204 1240 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    21:53:13.0204 1240 usbhub - ok
    21:53:13.0235 1240 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    21:53:13.0235 1240 usbohci - ok
    21:53:13.0297 1240 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    21:53:13.0297 1240 usbprint - ok
    21:53:13.0328 1240 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    21:53:13.0328 1240 usbscan - ok
    21:53:13.0344 1240 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:53:13.0344 1240 USBSTOR - ok
    21:53:13.0360 1240 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
    21:53:13.0360 1240 usbuhci - ok
    21:53:13.0391 1240 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    21:53:13.0391 1240 UxSms - ok
    21:53:13.0422 1240 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    21:53:13.0422 1240 VaultSvc - ok
    21:53:13.0500 1240 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    21:53:13.0500 1240 vdrvroot - ok
    21:53:13.0531 1240 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    21:53:13.0547 1240 vds - ok
    21:53:13.0578 1240 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    21:53:13.0578 1240 vga - ok
    21:53:13.0625 1240 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    21:53:13.0625 1240 VgaSave - ok
    21:53:13.0656 1240 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    21:53:13.0656 1240 vhdmp - ok
    21:53:13.0687 1240 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    21:53:13.0687 1240 viaide - ok
    21:53:13.0703 1240 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    21:53:13.0703 1240 volmgr - ok
    21:53:13.0750 1240 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    21:53:13.0750 1240 volmgrx - ok
    21:53:13.0765 1240 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    21:53:13.0765 1240 volsnap - ok
    21:53:13.0781 1240 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    21:53:13.0781 1240 vsmraid - ok
    21:53:13.0843 1240 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    21:53:13.0859 1240 VSS - ok
    21:53:13.0890 1240 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    21:53:13.0890 1240 vwifibus - ok
    21:53:13.0921 1240 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    21:53:13.0921 1240 W32Time - ok
    21:53:13.0937 1240 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    21:53:13.0937 1240 WacomPen - ok
    21:53:13.0999 1240 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    21:53:13.0999 1240 WANARP - ok
    21:53:14.0015 1240 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    21:53:14.0015 1240 Wanarpv6 - ok
    21:53:14.0093 1240 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    21:53:14.0093 1240 WatAdminSvc - ok
    21:53:14.0155 1240 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    21:53:14.0155 1240 wbengine - ok
    21:53:14.0202 1240 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    21:53:14.0202 1240 WbioSrvc - ok
    21:53:14.0233 1240 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    21:53:14.0233 1240 wcncsvc - ok
    21:53:14.0280 1240 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    21:53:14.0280 1240 WcsPlugInService - ok
    21:53:14.0296 1240 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    21:53:14.0296 1240 Wd - ok
    21:53:14.0327 1240 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    21:53:14.0342 1240 Wdf01000 - ok
    21:53:14.0358 1240 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    21:53:14.0358 1240 WdiServiceHost - ok
    21:53:14.0358 1240 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    21:53:14.0374 1240 WdiSystemHost - ok
    21:53:14.0420 1240 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    21:53:14.0420 1240 WebClient - ok
    21:53:14.0467 1240 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    21:53:14.0467 1240 Wecsvc - ok
    21:53:14.0498 1240 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    21:53:14.0498 1240 wercplsupport - ok
    21:53:14.0514 1240 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    21:53:14.0530 1240 WerSvc - ok
    21:53:14.0530 1240 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    21:53:14.0530 1240 WfpLwf - ok
    21:53:14.0561 1240 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    21:53:14.0561 1240 WIMMount - ok
    21:53:14.0561 1240 WinHttpAutoProxySvc - ok
    21:53:14.0639 1240 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    21:53:14.0639 1240 Winmgmt - ok
    21:53:14.0701 1240 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    21:53:14.0717 1240 WinRM - ok
    21:53:14.0810 1240 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    21:53:14.0810 1240 WinUsb - ok
    21:53:14.0842 1240 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    21:53:14.0842 1240 Wlansvc - ok
    21:53:14.0998 1240 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    21:53:15.0013 1240 wlidsvc - ok
    21:53:15.0044 1240 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    21:53:15.0044 1240 WmiAcpi - ok
    21:53:15.0060 1240 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    21:53:15.0060 1240 wmiApSrv - ok
    21:53:15.0107 1240 WMPNetworkSvc - ok
    21:53:15.0154 1240 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    21:53:15.0154 1240 WPCSvc - ok
    21:53:15.0200 1240 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    21:53:15.0200 1240 WPDBusEnum - ok
    21:53:15.0247 1240 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    21:53:15.0247 1240 ws2ifsl - ok
    21:53:15.0247 1240 WSearch - ok
    21:53:15.0325 1240 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    21:53:15.0341 1240 wuauserv - ok
    21:53:15.0388 1240 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    21:53:15.0388 1240 WudfPf - ok
    21:53:15.0450 1240 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:53:15.0450 1240 WUDFRd - ok
    21:53:15.0497 1240 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    21:53:15.0497 1240 wudfsvc - ok
    21:53:15.0528 1240 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    21:53:15.0528 1240 WwanSvc - ok
    21:53:15.0590 1240 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    21:53:15.0668 1240 \Device\Harddisk0\DR0 - ok
    21:53:15.0668 1240 Boot (0x1200) (64d62d7edf746ce3c8ec88750a07cfc6) \Device\Harddisk0\DR0\Partition0
    21:53:15.0668 1240 \Device\Harddisk0\DR0\Partition0 - ok
    21:53:15.0684 1240 Boot (0x1200) (837166823f8125234e9447aedcc86f9b) \Device\Harddisk0\DR0\Partition1
    21:53:15.0684 1240 \Device\Harddisk0\DR0\Partition1 - ok
    21:53:15.0684 1240 ============================================================
    21:53:15.0684 1240 Scan finished
    21:53:15.0684 1240 ============================================================
    21:53:15.0684 1412 Detected object count: 0
    21:53:15.0684 1412 Actual detected object count: 0
    21:53:24.0529 1520 Deinitialize success
     
  21. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  22. mmcook

    mmcook TS Rookie Topic Starter Posts: 75

    I can't download anything on my computer in safe mode right now. Are you saying to download it onto the USB drive from my working computer and transfer the Combofix program to the infected computer and run it in safe mode there? Can I do that?
     
  23. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    There is a good chance that normal mode may work just fine now.
    Try it first.

    If not, yes, "download it onto the USB drive from my working computer and transfer the Combofix program to the infected computer and run it in safe mode there"
     
  24. mmcook

    mmcook TS Rookie Topic Starter Posts: 75

    Normal mode does not work. When I booted it almost immediately gave me the same multiple "System Message Write Fault Errors" that I described before. It was at least a dozen pop ups. I clicked continue through all of them. This was followed by a message saying "System Error Hard Disk Failure. Windows has lost access to the system partition during I/O process. This may also lead to potential loss of data. Highly recommended to run complete HDD scan to prevent lost* of files, applications and documents.

    * it was misspelled like that in the message - "lost" instead of "loss"

    My choices were to Scan and Repair or Scan Later (reboot required). I just X'd out of the box and the computer immediately rebooted itself. I have now shut it down.

    Do you know what is causing this? Is it somthing you think Combofix can fix?

    Would trying to run malwarebytes from safe mode be a bad idea right now?

    Thank you so much for your help with all this.
     
  25. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    "download it onto the USB drive from my working computer and transfer the Combofix program to the infected computer and run it in safe mode there"
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.