Inactive [A] Malwarebytes Anti-Malware found a trojan but I cannot remove it

[empireant]

I ran Malwarebytes Anti-malware and it found a trojan, but I cannot remove it. It tells me to reboot the computer to remove it, but when I try to I get a blue screen with memory crash dump and I can't so anything unless I do an improper shutdown. Here is the log from the scan:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.04.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
William :: WILLIAM-HP [administrator]

Protection: Enabled

2/4/2012 10:03:42 PM
mbam-log-2012-02-04 (22-03-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183939
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4416 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

 

[Broni]

Same computer as here: https://www.techspot.com/vb/topic177105.html?

 

[empireant]

Yes, my post was moved to that forum as the admins felt it wasn't a malware issue; but in the meantime I did the malware scan and it found a trojan. Can you please tell me what I should do to remove it as the computer won't reboot? I appreciate the help...this is driving me insane!

 

[Broni]

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[empireant]

Thanks Broni! I will try to start working on it as soon as possible.

 

[empireant]

OK, Antivirus didn't find anything other than tracking cookies.
Malwarebytes' AntiMalware found trojans. Here is the log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
William :: WILLIAM-HP [administrator]

Protection: Enabled

2/8/2012 8:39:49 PM
mbam-log-2012-02-08 (20-39-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185229
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2912 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0

 

[empireant]

Please note that in order to remove it, it asks me to restart the computer, but my computer won't restart. I have to improperly shut it down and when I turn it on and start windows normally, I get a blue screen with memory crash dump...

 

[Broni]

Go on with other scans....

 

[empireant]

GMER's log was blank. I'm moving on to the next step.

 

[empireant]

Here is the DDS Scan Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by William at 22:12:18 on 2012-02-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7990.5260 [GMT -5:00]
.
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
-netsvcs
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps10312011
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "C:\Users\William\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-JEEN9.exe" /REG /REGSVRMODE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{CF34AD8A-A0EB-4FCC-945B-F9E1E30A8EF2} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{CF34AD8A-A0EB-4FCC-945B-F9E1E30A8EF2}\A41636175756C696E6560284577676564747723702E4564777F627B6 : DhcpNameServer = 10.0.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSA: Notification Packages = DPPassFilter scecli
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
BHO-X64: XFINITY Toolbar - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
BHO-X64: Constant Guard Protection Suite (COM) - No File
BHO-X64: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO-X64: Updater For XFIN_PORTAL - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [InnoSetupRegFile.0000000001] "C:\Windows\is-JEEN9.exe" /REG /REGSVRMODE
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-2-8 1157240]
R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120207.005\IDSviA64.sys [2012-2-7 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-1 89600]
R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-7-5 227384]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-1-31 65096]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-4 652360]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe [2012-1-25 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2012-1-25 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-1 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-12 136176]
S2 NIS;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-12 136176]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-09 01:48:36 709968 ----a-w- C:\Windows\is-JEEN9.exe
2012-02-09 01:26:40 -------- d-----w- C:\Users\William\AppData\Roaming\HpUpdate
2012-02-08 01:07:45 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symefa64.sys
2012-02-08 01:07:45 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\srtsp64.sys
2012-02-08 01:07:45 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symds64.sys
2012-02-08 01:07:45 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\srtspx64.sys
2012-02-08 01:07:45 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symnets.sys
2012-02-08 01:07:45 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\ironx64.sys
2012-02-08 01:07:36 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502000.00D
2012-02-05 16:41:47 20480 ------w- C:\Windows\svchost.exe
2012-02-05 01:58:44 -------- d-----w- C:\Users\William\AppData\Roaming\Malwarebytes
2012-02-05 01:58:37 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-05 01:58:36 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-05 01:58:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-28 20:04:43 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-01-25 17:45:28 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64\0200110.014
2012-01-25 17:45:28 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64
2012-01-25 17:45:27 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup
2012-01-24 18:31:23 -------- d-----w- C:\ProgramData\UAB
2012-01-24 18:31:19 -------- d-----w- C:\Users\William\AppData\Local\PC_Drivers_Headquarters
2012-01-24 18:31:14 -------- d-----w- C:\ProgramData\PC Drivers HeadQuarters
2012-01-24 18:30:38 -------- d-----w- C:\Program Files (x86)\PC Drivers HeadQuarters
2012-01-10 22:44:19 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-10 22:44:19 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-10 22:44:18 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-10 22:44:18 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-10 22:44:17 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-10 22:44:16 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-10 22:44:16 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-10 22:44:16 1731920 ----a-w- C:\Windows\System32\ntdll.dll
.
==================== Find3M ====================
.
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 14:11:19 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 22:12:59.95 ===============

 

[empireant]

DDA Attach Log zipped and attached as requested.

 

[empireant]

Sorry, just saw now that you don't want the Attach log zipped and attached. Here it is:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/23/2011 6:21:07 PM
System Uptime: 2/5/2012 10:58:09 PM (72 hours ago)
.
Motherboard: Hewlett-Packard | | 144C
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | CPU | 2128/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 576 GiB total, 503.654 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 2.588 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.082 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 4500 G510n-z
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP89: 1/2/2012 8:16:02 AM - Windows Update
RP90: 1/7/2012 8:00:49 AM - Windows Update
RP91: 1/8/2012 9:52:34 PM - HPSF Restore Point
RP92: 1/16/2012 4:08:43 PM - Windows Update
RP93: 1/21/2012 9:31:55 AM - Windows Update
RP94: 1/24/2012 1:30:17 PM - Installed Driver Detective.
RP95: 1/28/2012 3:05:00 PM - Installed HP Support Assistant
RP96: 1/28/2012 3:07:13 PM - Windows Modules Installer
RP97: 1/28/2012 3:07:55 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0 MUI
Adobe Shockwave Player 11.5
Adobe Shockwave Player 11.6
Ask Toolbar
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Blackhawk Striker 2
BufferChm
Build-a-lot 2
CA Pest Patrol Realtime Protection
Chuzzle Deluxe
CinemaNow Media Manager
Constant Guard Protection Suite
CyberLink DVD Suite
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
DivX Setup
DocMgr
DocProc
Dora's Carnival Adventure
Driver Detective
DVD Menu Pack for HP MediaSmart Video
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Facebook Video Calling 1.1.1.1
FATE
Fax
Final Drive Nitro
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
GuardedID
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Update
HPProductAssistant
HPSSupply
Hulu Desktop
IDT Audio
Insaniquarium Deluxe
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 29
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Bootable Recovery Tool Wizard
Norton Internet Security
Norton Online Backup
Norton PC Checkup
Norton Security Suite
Octoshape add-in for Adobe Flash Player
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype Click to Call
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Status
Times Reader
Toolbox
TrayApp
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195
Virtual Families
Virtual Villagers - The Secret City
WebReg
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
World of Warcraft
XFINITY Toolbar
Yahoo! Toolbar
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
2/8/2012 6:39:13 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer IMAC-008C5D that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CF34AD8A-A0EB-4FCC-945B-F9E1E30A8EF2}. The master browser is stopping or an election is being forced.
2/5/2012 11:00:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
2/5/2012 10:59:51 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the file specified.
2/4/2012 4:38:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton Online Backup service to connect.
2/4/2012 4:38:22 PM, Error: Service Control Manager [7000] - The Norton Online Backup service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/4/2012 11:29:51 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 10:37:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/4/2012 10:35:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/4/2012 10:35:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/4/2012 10:35:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/4/2012 10:35:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/4/2012 10:35:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/4/2012 10:33:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cbcf6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020412-32339-01.
2/4/2012 10:33:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
2/4/2012 10:33:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/4/2012 10:33:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 10:33:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 10:33:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 10:33:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 10:33:53 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 10:33:51 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 10:33:51 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/4/2012 10:33:51 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/4/2012 10:33:51 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/4/2012 10:33:51 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/4/2012 10:00:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c64f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020412-53180-01.
.
==== End Of File ===========================

 

[Broni]

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===========================================================

Download Bootkit Remover to your Desktop.

• Unzip downloaded file to your Desktop.
• Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.

 

[empireant]

aswMBR Log:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-10 21:33:04
-----------------------------
21:33:04.414 OS Version: Windows x64 6.1.7601 Service Pack 1
21:33:04.414 Number of processors: 4 586 0x2505
21:33:04.415 ComputerName: WILLIAM-HP UserName: William
21:33:07.320 Initialize success
21:34:41.505 AVAST engine defs: 12021001
21:35:27.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:35:27.050 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
21:35:27.053 Device \Driver\iaStor -> MajorFunction fffffa800a6da5c4
21:35:27.058 Disk 0 MBR read successfully
21:35:27.062 Disk 0 MBR scan
21:35:27.070 Disk 0 unknown MBR code
21:35:27.082 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:35:27.109 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 589746 MB offset 409600
21:35:27.144 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20430 MB offset 1208209408
21:35:27.208 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
21:35:27.219 Service scanning
21:35:28.553 Modules scanning
21:35:28.561 Disk 0 trace - called modules:
21:35:28.574 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa800a6da5c4]<<
21:35:28.582 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082de790]
21:35:28.590 3 CLASSPNP.SYS[fffff88001d5e43f] -> nt!IofCallDriver -> [0xfffffa800819bb10]
21:35:28.598 5 hpdskflt.sys[fffff88001d05189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008093050]
21:35:28.606 \Driver\iaStor[0xfffffa800a6a7e70] -> IRP_MJ_CREATE -> 0xfffffa800a6da5c4
21:35:33.480 AVAST engine scan C:\Windows
21:35:37.672 AVAST engine scan C:\Windows\system32
21:39:29.125 AVAST engine scan C:\Windows\system32\drivers
21:39:50.284 AVAST engine scan C:\Users\William
21:41:49.369 AVAST engine scan C:\ProgramData
21:44:45.639 Scan finished successfully
21:45:20.536 Disk 0 MBR has been saved successfully to "C:\Users\William\Desktop\MBR.dat"
21:45:20.541 The log file has been saved successfully to "C:\Users\William\Desktop\aswMBR.txt"

 

[empireant]

Bootkit Remover
<c> 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 <build 7601>
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000

Size Device Name MBR Status
-----------------------------------------------------------
596 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]

Done;
Press any key to quit...

 

[Broni]

Please download and run ListParts by Farbar (for 32-bit system)

Please download and run ListParts64 by Farbar (for 64-bit system)

Click on Scan button.

Scan result will open in Notepad.
Post it in your next reply.

 

[empireant]

ListParts by Farbar
Ran by William on 10-02-2012 at 22:11:18
Windows 7 (X64)
Running From: C:\Users\William\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 32%
Total physical RAM: 7989.86 MB
Available physical RAM: 5413.32 MB
Total Pagefile: 15977.91 MB
Available Pagefile: 13093.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:575.92 GB) (Free:505.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:19.95 GB) (Free:2.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 575 GB 200 MB
Partition 3 Primary 19 GB 576 GB
Partition 4 Primary 103 MB 596 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 575 GB Healthy Boot

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D RECOVERY NTFS Partition 19 GB Healthy

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy



****** End Of Log ******

 

[Broni]

Download TDSSKiller and save it to your desktop.

• Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[empireant]

22:16:06.0900 2972 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
22:16:07.0238 2972 ============================================================
22:16:07.0238 2972 Current date / time: 2012/02/10 22:16:07.0238
22:16:07.0238 2972 SystemInfo:
22:16:07.0238 2972
22:16:07.0238 2972 OS Version: 6.1.7601 ServicePack: 1.0
22:16:07.0238 2972 Product type: Workstation
22:16:07.0238 2972 ComputerName: WILLIAM-HP
22:16:07.0239 2972 UserName: William
22:16:07.0239 2972 Windows directory: C:\Windows
22:16:07.0239 2972 System windows directory: C:\Windows
22:16:07.0239 2972 Running under WOW64
22:16:07.0239 2972 Processor architecture: Intel x64
22:16:07.0239 2972 Number of processors: 4
22:16:07.0239 2972 Page size: 0x1000
22:16:07.0239 2972 Boot type: Normal boot
22:16:07.0239 2972 ============================================================
22:16:07.0897 2972 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:16:07.0946 2972 \Device\Harddisk0\DR0:
22:16:07.0947 2972 MBR used
22:16:07.0947 2972 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
22:16:07.0947 2972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x47FD9000
22:16:07.0947 2972 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4803D000, BlocksNum 0x27E7000
22:16:07.0947 2972 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
22:16:08.0213 2972 Initialize success
22:16:08.0213 2972 ============================================================
22:16:11.0694 6964 ============================================================
22:16:11.0694 6964 Scan started
22:16:11.0694 6964 Mode: Manual;
22:16:11.0694 6964 ============================================================
22:16:12.0493 6964 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:16:12.0497 6964 1394ohci - ok
22:16:12.0548 6964 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
22:16:12.0549 6964 Accelerometer - ok
22:16:12.0614 6964 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:16:12.0621 6964 ACPI - ok
22:16:12.0718 6964 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:16:12.0719 6964 AcpiPmi - ok
22:16:12.0784 6964 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:16:12.0794 6964 adp94xx - ok
22:16:12.0832 6964 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:16:12.0838 6964 adpahci - ok
22:16:12.0865 6964 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:16:12.0868 6964 adpu320 - ok
22:16:13.0007 6964 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:16:13.0017 6964 AFD - ok
22:16:13.0122 6964 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:16:13.0123 6964 agp440 - ok
22:16:13.0257 6964 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:16:13.0258 6964 aliide - ok
22:16:13.0294 6964 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:16:13.0294 6964 amdide - ok
22:16:13.0396 6964 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:16:13.0397 6964 AmdK8 - ok
22:16:13.0443 6964 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:16:13.0444 6964 AmdPPM - ok
22:16:13.0552 6964 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:16:13.0553 6964 amdsata - ok
22:16:13.0630 6964 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:16:13.0635 6964 amdsbs - ok
22:16:13.0668 6964 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:16:13.0668 6964 amdxata - ok
22:16:13.0804 6964 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:16:13.0805 6964 AppID - ok
22:16:13.0922 6964 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:16:13.0923 6964 arc - ok
22:16:13.0947 6964 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:16:13.0949 6964 arcsas - ok
22:16:14.0009 6964 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:16:14.0010 6964 AsyncMac - ok
22:16:14.0131 6964 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:16:14.0132 6964 atapi - ok
22:16:14.0261 6964 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:16:14.0269 6964 b06bdrv - ok
22:16:14.0326 6964 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:16:14.0333 6964 b57nd60a - ok
22:16:14.0447 6964 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:16:14.0447 6964 Beep - ok
22:16:14.0683 6964 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx64.sys
22:16:14.0694 6964 BHDrvx64 - ok
22:16:14.0801 6964 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:16:14.0804 6964 blbdrive - ok
22:16:14.0861 6964 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:16:14.0862 6964 bowser - ok
22:16:14.0964 6964 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:16:14.0965 6964 BrFiltLo - ok
22:16:14.0994 6964 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:16:14.0995 6964 BrFiltUp - ok
22:16:15.0058 6964 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:16:15.0064 6964 Brserid - ok
22:16:15.0087 6964 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:16:15.0088 6964 BrSerWdm - ok
22:16:15.0191 6964 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:16:15.0193 6964 BrUsbMdm - ok
22:16:15.0220 6964 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:16:15.0222 6964 BrUsbSer - ok
22:16:15.0285 6964 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:16:15.0286 6964 BTHMODEM - ok
22:16:15.0414 6964 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:16:15.0416 6964 cdfs - ok
22:16:15.0485 6964 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:16:15.0488 6964 cdrom - ok
22:16:15.0596 6964 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:16:15.0597 6964 circlass - ok
22:16:15.0658 6964 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:16:15.0666 6964 CLFS - ok
22:16:15.0780 6964 clwvd (9573e8c7c3b3d1625fd941841fd0859c) C:\Windows\system32\DRIVERS\clwvd.sys
22:16:15.0781 6964 clwvd - ok
22:16:15.0831 6964 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:16:15.0831 6964 CmBatt - ok
22:16:15.0905 6964 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:16:15.0906 6964 cmdide - ok
22:16:15.0958 6964 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:16:15.0966 6964 CNG - ok
22:16:16.0077 6964 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:16:16.0078 6964 Compbatt - ok
22:16:16.0177 6964 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:16:16.0178 6964 CompositeBus - ok
22:16:16.0243 6964 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:16:16.0243 6964 crcdisk - ok
22:16:16.0400 6964 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:16:16.0401 6964 DfsC - ok
22:16:16.0507 6964 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:16:16.0508 6964 discache - ok
22:16:16.0556 6964 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:16:16.0558 6964 Disk - ok
22:16:16.0655 6964 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
22:16:16.0658 6964 Dot4 - ok
22:16:16.0704 6964 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:16:16.0705 6964 Dot4Print - ok
22:16:16.0757 6964 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
22:16:16.0758 6964 dot4usb - ok
22:16:16.0880 6964 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:16:16.0881 6964 drmkaud - ok
22:16:16.0944 6964 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:16:16.0952 6964 DXGKrnl - ok
22:16:17.0094 6964 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:16:17.0168 6964 ebdrv - ok
22:16:17.0255 6964 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
22:16:17.0258 6964 eeCtrl - ok
22:16:17.0383 6964 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:16:17.0391 6964 elxstor - ok
22:16:17.0465 6964 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:16:17.0466 6964 EraserUtilRebootDrv - ok
22:16:17.0562 6964 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:16:17.0564 6964 ErrDev - ok
22:16:17.0621 6964 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:16:17.0623 6964 exfat - ok
22:16:17.0647 6964 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:16:17.0651 6964 fastfat - ok
22:16:17.0739 6964 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:16:17.0741 6964 fdc - ok
22:16:17.0792 6964 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:16:17.0795 6964 FileInfo - ok
22:16:17.0840 6964 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:16:17.0842 6964 Filetrace - ok
22:16:17.0875 6964 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:16:17.0876 6964 flpydisk - ok
22:16:17.0930 6964 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:16:17.0935 6964 FltMgr - ok
22:16:18.0050 6964 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:16:18.0051 6964 FsDepends - ok
22:16:18.0086 6964 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:16:18.0087 6964 Fs_Rec - ok
22:16:18.0205 6964 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:16:18.0210 6964 fvevol - ok
22:16:18.0289 6964 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:16:18.0291 6964 gagp30kx - ok
22:16:18.0438 6964 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:16:18.0439 6964 GEARAspiWDM - ok
22:16:18.0511 6964 GIDv2 (9ba22aee7f531ef9ce085cc2e1112bc4) C:\Windows\system32\drivers\GIDv2.sys
22:16:18.0512 6964 GIDv2 - ok
22:16:18.0659 6964 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:16:18.0660 6964 hcw85cir - ok
22:16:18.0727 6964 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:16:18.0734 6964 HdAudAddService - ok
22:16:18.0770 6964 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:16:18.0773 6964 HDAudBus - ok
22:16:18.0839 6964 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:16:18.0841 6964 HECIx64 - ok
22:16:18.0927 6964 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:16:18.0928 6964 HidBatt - ok
22:16:18.0942 6964 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:16:18.0944 6964 HidBth - ok
22:16:18.0957 6964 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:16:18.0958 6964 HidIr - ok
22:16:19.0068 6964 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:16:19.0069 6964 HidUsb - ok
22:16:19.0207 6964 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
22:16:19.0208 6964 hpdskflt - ok
22:16:19.0361 6964 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:16:19.0362 6964 HpSAMD - ok
22:16:19.0487 6964 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:16:19.0498 6964 HTTP - ok
22:16:19.0604 6964 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:16:19.0605 6964 hwpolicy - ok
22:16:19.0709 6964 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:16:19.0713 6964 i8042prt - ok
22:16:19.0776 6964 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
22:16:19.0782 6964 iaStor - ok
22:16:19.0880 6964 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:16:19.0889 6964 iaStorV - ok
22:16:20.0088 6964 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120210.002\IDSvia64.sys
22:16:20.0093 6964 IDSVia64 - ok
22:16:20.0405 6964 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:16:20.0616 6964 igfx - ok
22:16:20.0737 6964 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:16:20.0738 6964 iirsp - ok
22:16:20.0808 6964 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
22:16:20.0812 6964 Impcd - ok
22:16:20.0885 6964 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
22:16:20.0891 6964 IntcDAud - ok
22:16:20.0997 6964 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:16:20.0998 6964 intelide - ok
22:16:21.0108 6964 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:16:21.0111 6964 intelppm - ok
22:16:21.0152 6964 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:16:21.0154 6964 IpFilterDriver - ok
22:16:21.0188 6964 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:16:21.0189 6964 IPMIDRV - ok
22:16:21.0287 6964 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:16:21.0288 6964 IPNAT - ok
22:16:21.0320 6964 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:16:21.0323 6964 IRENUM - ok
22:16:21.0365 6964 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:16:21.0367 6964 isapnp - ok
22:16:21.0407 6964 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:16:21.0413 6964 iScsiPrt - ok
22:16:21.0478 6964 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:16:21.0479 6964 kbdclass - ok
22:16:21.0525 6964 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:16:21.0526 6964 kbdhid - ok
22:16:21.0595 6964 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:16:21.0598 6964 KSecDD - ok
22:16:21.0694 6964 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:16:21.0698 6964 KSecPkg - ok
22:16:21.0811 6964 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:16:21.0812 6964 ksthunk - ok
22:16:21.0936 6964 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:16:21.0937 6964 lltdio - ok
22:16:22.0067 6964 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:16:22.0069 6964 LSI_FC - ok
22:16:22.0095 6964 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:16:22.0096 6964 LSI_SAS - ok
22:16:22.0152 6964 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:16:22.0153 6964 LSI_SAS2 - ok
22:16:22.0268 6964 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:16:22.0272 6964 LSI_SCSI - ok
22:16:22.0307 6964 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:16:22.0308 6964 luafv - ok
22:16:22.0444 6964 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
22:16:22.0445 6964 MBAMProtector - ok
22:16:22.0560 6964 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:16:22.0561 6964 megasas - ok
22:16:22.0594 6964 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:16:22.0598 6964 MegaSR - ok
22:16:22.0833 6964 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:16:22.0835 6964 Modem - ok
22:16:22.0868 6964 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:16:22.0868 6964 monitor - ok
22:16:22.0980 6964 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:16:22.0981 6964 mouclass - ok
22:16:23.0091 6964 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:16:23.0092 6964 mouhid - ok
22:16:23.0143 6964 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:16:23.0145 6964 mountmgr - ok
22:16:23.0240 6964 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:16:23.0245 6964 mpio - ok
22:16:23.0295 6964 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:16:23.0296 6964 mpsdrv - ok
22:16:23.0424 6964 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:16:23.0428 6964 MRxDAV - ok
22:16:23.0569 6964 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:16:23.0573 6964 mrxsmb - ok
22:16:23.0677 6964 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:16:23.0681 6964 mrxsmb10 - ok
22:16:23.0739 6964 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:16:23.0741 6964 mrxsmb20 - ok
22:16:23.0788 6964 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:16:23.0789 6964 msahci - ok
22:16:23.0846 6964 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:16:23.0849 6964 msdsm - ok
22:16:23.0894 6964 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:16:23.0896 6964 Msfs - ok
22:16:23.0919 6964 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:16:23.0920 6964 mshidkmdf - ok
22:16:24.0017 6964 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:16:24.0018 6964 msisadrv - ok
22:16:24.0137 6964 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:16:24.0137 6964 MSKSSRV - ok
22:16:24.0240 6964 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:16:24.0240 6964 MSPCLOCK - ok
22:16:24.0343 6964 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:16:24.0343 6964 MSPQM - ok
22:16:24.0396 6964 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:16:24.0403 6964 MsRPC - ok
22:16:24.0452 6964 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:16:24.0453 6964 mssmbios - ok
22:16:24.0556 6964 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:16:24.0556 6964 MSTEE - ok
22:16:24.0580 6964 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:16:24.0581 6964 MTConfig - ok
22:16:24.0648 6964 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:16:24.0649 6964 Mup - ok
22:16:24.0803 6964 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:16:24.0809 6964 NativeWifiP - ok
22:16:24.0962 6964 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120210.003\ENG64.SYS
22:16:24.0964 6964 NAVENG - ok
22:16:25.0174 6964 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120210.003\EX64.SYS
22:16:25.0193 6964 NAVEX15 - ok
22:16:25.0326 6964 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:16:25.0358 6964 NDIS - ok
22:16:25.0452 6964 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:16:25.0452 6964 NdisCap - ok
22:16:25.0520 6964 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:16:25.0521 6964 NdisTapi - ok
22:16:25.0629 6964 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:16:25.0630 6964 Ndisuio - ok
22:16:25.0685 6964 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:16:25.0689 6964 NdisWan - ok
22:16:25.0713 6964 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:16:25.0715 6964 NDProxy - ok
22:16:25.0789 6964 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:16:25.0790 6964 NetBIOS - ok
22:16:25.0820 6964 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:16:25.0825 6964 NetBT - ok
22:16:26.0146 6964 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
22:16:26.0319 6964 NETw5s64 - ok
22:16:26.0535 6964 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
22:16:26.0665 6964 netw5v64 - ok
22:16:26.0978 6964 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
22:16:27.0148 6964 NETwNs64 - ok
22:16:27.0244 6964 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:16:27.0247 6964 nfrd960 - ok
22:16:27.0392 6964 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:16:27.0393 6964 Npfs - ok
22:16:27.0432 6964 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:16:27.0433 6964 nsiproxy - ok
22:16:27.0555 6964 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:16:27.0599 6964 Ntfs - ok
22:16:27.0696 6964 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:16:27.0698 6964 Null - ok
22:16:27.0746 6964 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:16:27.0750 6964 nvraid - ok
22:16:27.0805 6964 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:16:27.0808 6964 nvstor - ok
22:16:27.0878 6964 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:16:27.0879 6964 nv_agp - ok
22:16:27.0938 6964 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:16:27.0939 6964 ohci1394 - ok
22:16:28.0041 6964 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:16:28.0044 6964 Parport - ok
22:16:28.0098 6964 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:16:28.0100 6964 partmgr - ok
22:16:28.0210 6964 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:16:28.0214 6964 pci - ok
22:16:28.0258 6964 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:16:28.0258 6964 pciide - ok
22:16:28.0311 6964 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:16:28.0315 6964 pcmcia - ok
22:16:28.0375 6964 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:16:28.0376 6964 pcw - ok
22:16:28.0430 6964 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:16:28.0452 6964 PEAUTH - ok
22:16:28.0660 6964 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:16:28.0662 6964 PptpMiniport - ok
22:16:28.0704 6964 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:16:28.0705 6964 Processor - ok
22:16:28.0758 6964 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:16:28.0761 6964 Psched - ok
22:16:28.0819 6964 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:16:28.0852 6964 ql2300 - ok
22:16:28.0866 6964 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:16:28.0868 6964 ql40xx - ok
22:16:28.0893 6964 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:16:28.0894 6964 QWAVEdrv - ok
22:16:28.0906 6964 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:16:28.0906 6964 RasAcd - ok
22:16:28.0990 6964 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:16:28.0991 6964 RasAgileVpn - ok
22:16:29.0040 6964 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:16:29.0044 6964 Rasl2tp - ok
22:16:29.0096 6964 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:16:29.0098 6964 RasPppoe - ok
22:16:29.0126 6964 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:16:29.0127 6964 RasSstp - ok
22:16:29.0195 6964 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:16:29.0201 6964 rdbss - ok
22:16:29.0238 6964 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:16:29.0239 6964 rdpbus - ok
22:16:29.0260 6964 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:16:29.0261 6964 RDPCDD - ok
22:16:29.0362 6964 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:16:29.0363 6964 RDPENCDD - ok
22:16:29.0402 6964 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:16:29.0403 6964 RDPREFMP - ok
22:16:29.0487 6964 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:16:29.0489 6964 RDPWD - ok
22:16:29.0595 6964 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:16:29.0600 6964 rdyboost - ok
22:16:29.0737 6964 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
22:16:29.0738 6964 RimUsb - ok
22:16:29.0849 6964 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:16:29.0851 6964 rspndr - ok
22:16:29.0962 6964 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
22:16:29.0966 6964 RSUSBSTOR - ok
22:16:30.0086 6964 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:16:30.0089 6964 RTL8167 - ok
22:16:30.0192 6964 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:16:30.0193 6964 sbp2port - ok
22:16:30.0285 6964 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:16:30.0286 6964 scfilter - ok
22:16:30.0397 6964 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
22:16:30.0398 6964 sdbus - ok
22:16:30.0519 6964 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:16:30.0520 6964 secdrv - ok
22:16:30.0616 6964 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:16:30.0617 6964 Serenum - ok
22:16:30.0731 6964 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:16:30.0734 6964 Serial - ok
22:16:30.0802 6964 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:16:30.0803 6964 sermouse - ok
22:16:30.0856 6964 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:16:30.0856 6964 sffdisk - ok
22:16:30.0913 6964 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:16:30.0914 6964 sffp_mmc - ok
22:16:30.0962 6964 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:16:30.0963 6964 sffp_sd - ok
22:16:31.0040 6964 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:16:31.0041 6964 sfloppy - ok
22:16:31.0145 6964 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
22:16:31.0153 6964 Sftfs - ok
22:16:31.0196 6964 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:16:31.0199 6964 Sftplay - ok
22:16:31.0245 6964 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:16:31.0245 6964 Sftredir - ok
22:16:31.0300 6964 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
22:16:31.0301 6964 Sftvol - ok
22:16:31.0422 6964 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:16:31.0423 6964 SiSRaid2 - ok
22:16:31.0487 6964 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:16:31.0488 6964 SiSRaid4 - ok
22:16:31.0591 6964 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:16:31.0594 6964 Smb - ok
22:16:31.0691 6964 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:16:31.0692 6964 spldr - ok
22:16:31.0842 6964 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS
22:16:31.0848 6964 SRTSP - ok
22:16:31.0981 6964 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502000.00D\SRTSPX64.SYS
22:16:31.0982 6964 SRTSPX - ok
22:16:32.0091 6964 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:16:32.0100 6964 srv - ok
22:16:32.0144 6964 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:16:32.0153 6964 srv2 - ok
22:16:32.0214 6964 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:16:32.0221 6964 SrvHsfHDA - ok
22:16:32.0345 6964 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:16:32.0379 6964 SrvHsfV92 - ok
22:16:32.0492 6964 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:16:32.0513 6964 SrvHsfWinac - ok
22:16:32.0604 6964 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:16:32.0607 6964 srvnet - ok
22:16:32.0733 6964 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:16:32.0734 6964 stexstor - ok
22:16:32.0856 6964 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys
22:16:32.0878 6964 STHDA - ok
22:16:32.0989 6964 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
22:16:32.0990 6964 StillCam - ok
22:16:33.0088 6964 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:16:33.0089 6964 swenum - ok
22:16:33.0228 6964 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS
22:16:33.0236 6964 SymDS - ok
22:16:33.0381 6964 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS
22:16:33.0407 6964 SymEFA - ok
22:16:33.0538 6964 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:16:33.0540 6964 SymEvent - ok
22:16:33.0673 6964 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS
22:16:33.0675 6964 SymIRON - ok
22:16:33.0820 6964 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS
22:16:33.0824 6964 SymNetS - ok
22:16:33.0957 6964 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
22:16:33.0970 6964 SynTP - ok
22:16:34.0123 6964 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:16:34.0186 6964 Tcpip - ok
22:16:34.0318 6964 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:16:34.0335 6964 TCPIP6 - ok
22:16:34.0424 6964 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:16:34.0425 6964 tcpipreg - ok
22:16:34.0534 6964 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:16:34.0535 6964 TDPIPE - ok
22:16:34.0599 6964 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:16:34.0600 6964 TDTCP - ok
22:16:34.0665 6964 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:16:34.0667 6964 tdx - ok
22:16:34.0766 6964 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:16:34.0768 6964 TermDD - ok
22:16:34.0896 6964 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:16:34.0897 6964 tssecsrv - ok
22:16:35.0025 6964 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:16:35.0026 6964 TsUsbFlt - ok
22:16:35.0137 6964 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:16:35.0139 6964 tunnel - ok
22:16:35.0180 6964 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:16:35.0181 6964 uagp35 - ok
22:16:35.0259 6964 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:16:35.0265 6964 udfs - ok
22:16:35.0348 6964 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:16:35.0350 6964 uliagpkx - ok
22:16:35.0418 6964 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:16:35.0419 6964 umbus - ok
22:16:35.0508 6964 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:16:35.0510 6964 UmPass - ok
22:16:35.0636 6964 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:16:35.0639 6964 usbccgp - ok
22:16:35.0691 6964 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:16:35.0692 6964 usbcir - ok
22:16:35.0799 6964 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:16:35.0800 6964 usbehci - ok
22:16:35.0895 6964 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:16:35.0902 6964 usbhub - ok
22:16:35.0944 6964 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:16:35.0945 6964 usbohci - ok
22:16:36.0048 6964 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:16:36.0049 6964 usbprint - ok
22:16:36.0163 6964 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:16:36.0164 6964 usbscan - ok
22:16:36.0268 6964 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:16:36.0269 6964 USBSTOR - ok
22:16:36.0376 6964 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:16:36.0377 6964 usbuhci - ok
22:16:36.0502 6964 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:16:36.0506 6964 usbvideo - ok
22:16:36.0527 6964 uxddrv - ok
22:16:36.0649 6964 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:16:36.0650 6964 vdrvroot - ok
22:16:36.0763 6964 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:16:36.0764 6964 vga - ok
22:16:36.0797 6964 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:16:36.0798 6964 VgaSave - ok
22:16:36.0873 6964 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:16:36.0877 6964 vhdmp - ok
22:16:36.0917 6964 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:16:36.0919 6964 viaide - ok
22:16:36.0949 6964 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:16:36.0951 6964 volmgr - ok
22:16:37.0011 6964 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:16:37.0017 6964 volmgrx - ok
22:16:37.0065 6964 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:16:37.0071 6964 volsnap - ok
22:16:37.0182 6964 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:16:37.0185 6964 vsmraid - ok
22:16:37.0296 6964 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:16:37.0297 6964 vwifibus - ok
22:16:37.0410 6964 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:16:37.0411 6964 vwififlt - ok
22:16:37.0513 6964 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:16:37.0514 6964 vwifimp - ok
22:16:37.0611 6964 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:16:37.0612 6964 WacomPen - ok
22:16:37.0734 6964 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:16:37.0735 6964 WANARP - ok
22:16:37.0774 6964 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:16:37.0776 6964 Wanarpv6 - ok
22:16:37.0888 6964 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:16:37.0888 6964 Wd - ok
22:16:37.0996 6964 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:16:38.0015 6964 Wdf01000 - ok
22:16:38.0122 6964 wdkmd (5b34e5938b9e76798977725e3f7847c4) C:\Windows\system32\DRIVERS\WDKMD.sys
22:16:38.0123 6964 wdkmd - ok
22:16:38.0248 6964 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:16:38.0250 6964 WfpLwf - ok
22:16:38.0352 6964 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:16:38.0353 6964 WIMMount - ok
22:16:38.0496 6964 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
22:16:38.0499 6964 WinUSB - ok
22:16:38.0602 6964 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:16:38.0602 6964 WmiAcpi - ok
22:16:38.0723 6964 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:16:38.0724 6964 ws2ifsl - ok
22:16:38.0843 6964 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:16:38.0844 6964 WudfPf - ok
22:16:38.0976 6964 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:16:38.0981 6964 WUDFRd - ok
22:16:39.0108 6964 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
22:16:39.0115 6964 yukonw7 - ok
22:16:39.0157 6964 MBR (0x1B8) (8d9714f79d07a66da1b8e7ba68c0419b) \Device\Harddisk0\DR0
22:16:39.0197 6964 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:16:39.0197 6964 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:16:39.0248 6964 Boot (0x1200) (d5bd1f9b61d334dcfed974a8d684a55e) \Device\Harddisk0\DR0\Partition0
22:16:39.0250 6964 \Device\Harddisk0\DR0\Partition0 - ok
22:16:39.0265 6964 Boot (0x1200) (3d648661ea04af18c4ee0059f7954b66) \Device\Harddisk0\DR0\Partition1
22:16:39.0267 6964 \Device\Harddisk0\DR0\Partition1 - ok
22:16:39.0299 6964 Boot (0x1200) (6c1de65d8909b3b2623cbe4c208aebe4) \Device\Harddisk0\DR0\Partition2
22:16:39.0313 6964 \Device\Harddisk0\DR0\Partition2 - ok
22:16:39.0384 6964 Boot (0x1200) (142cce31dbce07f39f3b6c70f153e043) \Device\Harddisk0\DR0\Partition3
22:16:39.0392 6964 \Device\Harddisk0\DR0\Partition3 - ok
22:16:39.0395 6964 ============================================================
22:16:39.0395 6964 Scan finished
22:16:39.0395 6964 ============================================================
22:16:39.0411 0884 Detected object count: 1
22:16:39.0411 0884 Actual detected object count: 1
22:16:56.0720 0884 \Device\Harddisk0\DR0\# - copied to quarantine
22:16:56.0720 0884 \Device\Harddisk0\DR0 - copied to quarantine
22:16:56.0796 0884 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
22:16:56.0799 0884 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:16:56.0803 0884 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
22:16:56.0808 0884 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
22:16:56.0816 0884 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
22:16:56.0893 0884 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
22:16:56.0916 0884 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
22:16:56.0946 0884 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:16:56.0954 0884 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
22:16:56.0956 0884 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
22:16:57.0013 0884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:16:57.0016 0884 \Device\Harddisk0\DR0 - ok
22:16:58.0447 0884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

It is asking for a Reboot. Shall I try rebooting even though that wasn't working previously?

 

[Broni]

Yes. Reboot is needed to cure the issue.

When done post new Bootkit Remover log.

 

[empireant]

Reboot didn't work. Got blue screen with crash dump. Had to do improper shutdown.

 

[empireant]

.\debug.cpp(238) : Debug log started at 11.02.2012 - 03:48:04
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.1
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601), 64-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x02c63000 0x005e9000 "\SystemRoot\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x02c1a000 0x00049000 "\SystemRoot\system32\hal.dll"
.\debug.cpp(256) : 0x00b99000 0x00003000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x00c7d000 0x0004f000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x00ccc000 0x00014000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x00ce0000 0x0005e000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x00d3e000 0x000c0000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x00e31000 0x000a4000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x00ed5000 0x0000f000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x00ee4000 0x00057000 "\SystemRoot\system32\drivers\ACPI.sys"
.\debug.cpp(256) : 0x00f3b000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x00f44000 0x0000a000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x00f4e000 0x00033000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x00f81000 0x0000d000 "\SystemRoot\system32\drivers\vdrvroot.sys"
.\debug.cpp(256) : 0x00f8e000 0x00015000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x00fa3000 0x00009000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x00fac000 0x0000c000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x00fb8000 0x00015000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0x00c00000 0x0005c000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x00fcd000 0x0001a000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x010e2000 0x0020a000 "\SystemRoot\system32\DRIVERS\iaStor.sys"
.\debug.cpp(256) : 0x012ec000 0x00009000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0x012f5000 0x0002a000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0x0131f000 0x0000b000 "\SystemRoot\system32\drivers\msahci.sys"
.\debug.cpp(256) : 0x0132a000 0x00010000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0x0133a000 0x0000b000 "\SystemRoot\system32\drivers\amdxata.sys"
.\debug.cpp(256) : 0x01345000 0x0004c000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x01000000 0x00071000 "\SystemRoot\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS"
.\debug.cpp(256) : 0x01071000 0x00014000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x014f5000 0x000e4000 "\SystemRoot\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS"
.\debug.cpp(256) : 0x01632000 0x001a3000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x01400000 0x0005e000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x017d5000 0x0001b000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x0145e000 0x00072000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x01600000 0x00011000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x01611000 0x0000a000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x01899000 0x000f3000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x0198c000 0x00060000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x01800000 0x0002b000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x01aeb000 0x00204000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x01cef000 0x0004a000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x01d39000 0x00008000 "\SystemRoot\system32\DRIVERS\wd.sys"
.\debug.cpp(256) : 0x01d41000 0x0004c000 "\SystemRoot\system32\drivers\volsnap.sys"
.\debug.cpp(256) : 0x01d8d000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x01d95000 0x0003a000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x01dcf000 0x00012000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x01de1000 0x00009000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x01dea000 0x0000a000 "\SystemRoot\system32\DRIVERS\hpdskflt.sys"
.\debug.cpp(256) : 0x01a00000 0x0003a000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x01a3a000 0x00016000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x01a50000 0x00030000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x04432000 0x0002a000 "\SystemRoot\system32\drivers\cdrom.sys"
.\debug.cpp(256) : 0x0445c000 0x00009000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x04465000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x0446c000 0x0000e000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x0447a000 0x00025000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x0449f000 0x00010000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x044af000 0x00009000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x044b8000 0x00009000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x044c1000 0x00009000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x044ca000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x044d5000 0x00011000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x044e6000 0x00022000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x04508000 0x0000d000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x04515000 0x00089000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x0459e000 0x00045000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x045e3000 0x00009000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x01a8e000 0x00026000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x01ab4000 0x00016000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
.\debug.cpp(256) : 0x045ec000 0x0000f000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x01aca000 0x0001b000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x04200000 0x00014000 "\SystemRoot\system32\drivers\termdd.sys"
.\debug.cpp(256) : 0x0182b000 0x00067000 "\SystemRoot\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS"
.\debug.cpp(256) : 0x01085000 0x00036000 "\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS"
.\debug.cpp(256) : 0x01391000 0x0002d000 "\SystemRoot\system32\drivers\N360x64\0502000.00D\Ironx64.SYS"
.\debug.cpp(256) : 0x0161b000 0x00016000 "\SystemRoot\system32\drivers\N360x64\0502000.00D\SRTSPX64.SYS"
.\debug.cpp(256) : 0x03066000 0x00051000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x030b7000 0x0000c000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x030c3000 0x0000b000 "\SystemRoot\system32\drivers\mssmbios.sys"
.\debug.cpp(256) : 0x030ce000 0x0007d000 "\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120210.002\IDSvia64.sys"
.\debug.cpp(256) : 0x0314b000 0x0000b000 "\SystemRoot\System32\Drivers\GIDv2.SYS"
.\debug.cpp(256) : 0x03156000 0x00079000 "\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys"
.\debug.cpp(256) : 0x031cf000 0x00026000 "\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"
.\debug.cpp(256) : 0x03000000 0x0000f000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x0300f000 0x0001e000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x0302d000 0x00011000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x0466f000 0x0011f000 "\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx64.sys"
.\debug.cpp(256) : 0x0478e000 0x00026000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x04cc9000 0x00a1f000 "\SystemRoot\system32\DRIVERS\igdkmd64.sys"
.\debug.cpp(256) : 0x056e8000 0x000f4000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x04c00000 0x00046000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x04c46000 0x00011000 "\SystemRoot\system32\DRIVERS\HECIx64.sys"
.\debug.cpp(256) : 0x04c57000 0x00011000 "\SystemRoot\system32\drivers\usbehci.sys"
.\debug.cpp(256) : 0x04c68000 0x00056000 "\SystemRoot\system32\drivers\USBPORT.SYS"
.\debug.cpp(256) : 0x057dc000 0x00024000 "\SystemRoot\system32\drivers\HDAudBus.sys"
.\debug.cpp(256) : 0x05a4e000 0x00882000 "\SystemRoot\system32\DRIVERS\NETwNs64.sys"
.\debug.cpp(256) : 0x062d0000 0x0000d000 "\SystemRoot\system32\DRIVERS\vwifibus.sys"
.\debug.cpp(256) : 0x06334000 0x0001e000 "\SystemRoot\system32\drivers\i8042prt.sys"
.\debug.cpp(256) : 0x06352000 0x0000f000 "\SystemRoot\system32\drivers\kbdclass.sys"
.\debug.cpp(256) : 0x04876000 0x0015d000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0x049d3000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x049d5000 0x0000f000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x049e4000 0x00007000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x04800000 0x00027000 "\SystemRoot\system32\DRIVERS\Impcd.sys"
.\debug.cpp(256) : 0x04827000 0x0000d000 "\SystemRoot\system32\DRIVERS\Accelerometer.sys"
.\debug.cpp(256) : 0x04834000 0x00005000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0x04839000 0x00009000 "\SystemRoot\system32\drivers\wmiacpi.sys"
.\debug.cpp(256) : 0x04842000 0x00016000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x04858000 0x00010000 "\SystemRoot\system32\drivers\CompositeBus.sys"
.\debug.cpp(256) : 0x04868000 0x00007000 "\SystemRoot\system32\DRIVERS\clwvd.sys"
.\debug.cpp(256) : 0x06361000 0x00043000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x0486f000 0x00006000 "\SystemRoot\system32\drivers\ksthunk.sys"
.\debug.cpp(256) : 0x063a4000 0x00016000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x063ba000 0x00024000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x049eb000 0x0000c000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x05a00000 0x0002f000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x05a2f000 0x0001b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x063de000 0x00021000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x047b4000 0x0001a000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x049f7000 0x00002000 "\SystemRoot\system32\drivers\swenum.sys"
.\debug.cpp(256) : 0x047ce000 0x00012000 "\SystemRoot\system32\DRIVERS\circlass.sys"
.\debug.cpp(256) : 0x047e0000 0x00012000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x04600000 0x00010000 "\SystemRoot\system32\DRIVERS\WDKMD.sys"
.\debug.cpp(256) : 0x04610000 0x0005a000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x0303e000 0x00015000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x080af000 0x00082000 "\SystemRoot\system32\DRIVERS\stwrt64.sys"
.\debug.cpp(256) : 0x08131000 0x0003d000 "\SystemRoot\system32\DRIVERS\portcls.sys"
.\debug.cpp(256) : 0x0816e000 0x00022000 "\SystemRoot\system32\DRIVERS\drmk.sys"
.\debug.cpp(256) : 0x08190000 0x00047000 "\SystemRoot\system32\DRIVERS\IntcDAud.sys"
.\debug.cpp(256) : 0x08000000 0x00036000 "\SystemRoot\System32\Drivers\fastfat.SYS"
.\debug.cpp(256) : 0x08036000 0x00011000 "\SystemRoot\system32\DRIVERS\WinUSB.sys"
.\debug.cpp(256) : 0x08047000 0x0000e000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x04214000 0x0020a000 "\SystemRoot\System32\Drivers\dump_iaStor.sys"
.\debug.cpp(256) : 0x08055000 0x00013000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x08068000 0x0001d000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x062dd000 0x0002e000 "\SystemRoot\System32\Drivers\usbvideo.sys"
.\debug.cpp(256) : 0x000b0000 0x00314000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x08085000 0x0000c000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x08091000 0x0000e000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x00480000 0x0000a000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x006e0000 0x00027000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x00810000 0x00061000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0x081d7000 0x00023000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x0809f000 0x0000b000 "\SystemRoot\system32\DRIVERS\Sftvollh.sys"
.\debug.cpp(256) : 0x0630b000 0x00021000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x014d0000 0x00015000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x02aea000 0x00053000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x02b3d000 0x00013000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x02b50000 0x00018000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x02a00000 0x000c9000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x02ac9000 0x0001e000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x02b68000 0x00018000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x02b80000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x02bad000 0x0004e000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x015d9000 0x00024000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x04cbe000 0x0000a000 "\SystemRoot\system32\DRIVERS\vwifimp.sys"
.\debug.cpp(256) : 0x08242000 0x000a6000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x082e8000 0x0000b000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0x082f3000 0x000c1000 "\SystemRoot\system32\DRIVERS\Sftfslh.sys"
.\debug.cpp(256) : 0x0887a000 0x0004d000 "\SystemRoot\system32\DRIVERS\Sftplaylh.sys"
.\debug.cpp(256) : 0x088c7000 0x00031000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0x088f8000 0x00012000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0x0890a000 0x00069000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0x08973000 0x0000b000 "\SystemRoot\system32\DRIVERS\Sftredirlh.sys"
.\debug.cpp(256) : 0x09ea0000 0x00098000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x09f38000 0x000c0000 "\SystemRoot\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS"
.\debug.cpp(256) : 0x0a608000 0x001f8000 "\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120210.003\EX64.SYS"
.\debug.cpp(256) : 0x09e00000 0x00020000 "\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120210.003\ENG64.SYS"
.\debug.cpp(256) : 0x09e20000 0x0000a000 "\??\C:\Windows\system32\drivers\mbam.sys"
.\debug.cpp(256) : 0x77900000 0x001a9000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x48480000 0x00020000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0xffc20000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0xff780000 0x000c1000 "\Windows\System32\autochk.exe"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C144C&REV_1004#4&3321c578&0&0001#{ac7e9cf6-d199-450d-bedf-8a35b000442d}"
.\debug.cpp(400) : Destination "\Device\0000007d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MBAMProtector"
.\debug.cpp(400) : Destination "\Device\MBAMProtector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C144C&REV_1004#4&3321c578&0&0001#{ba0afe40-6d0a-4d2c-954f-6f7b82187a14}"
.\debug.cpp(400) : Destination "\Device\0000007d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C144C&REV_1004#4&3321c578&0&0001#{cb0b7def-63d0-44d6-bcd7-a5e6d1f8b362}"
.\debug.cpp(400) : Destination "\Device\0000007d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) : Destination "\Device\0000005b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomhp_CDDVDW_TS-L633R______________________0200____#4&a572ee5&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SND_USER_DEVICE"
.\debug.cpp(400) : Destination "\Device\SND_USER_DEVICE"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C144C&REV_1004#4&3321c578&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WDDriver"
.\debug.cpp(400) : Destination "\Device\WDDriver"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrvI14"
.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11122"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000057"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination "\Device\Psched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5aea11c4-4440-11e0-811a-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5aea11c5-4440-11e0-811a-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination "\Device\AscKmd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_0046&SUBSYS_144C103C&REV_02#3&11583659&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrv11122"
.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11122"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{954db1c0-4434-11e0-a72e-806e6f6e6963}#0000009007A00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C7A4043B-5421-4DA3-B10A-E40A51568F23}"
.\debug.cpp(400) : Destination "\Device\NDMP10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp#5&222aa849&0&01#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000008b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B32&SUBSYS_144C103C&REV_05#3&11583659&0&FE#{a4ad50ae-aee3-4dff-8555-2006ef500892}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5aea11c6-4440-11e0-811a-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E43D242B-9EAB-4626-A952-46649FBB939A}"
.\debug.cpp(400) : Destination "\Device\NDMP11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination "\Device\SynTP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SFTPLAY"
.\debug.cpp(400) : Destination "\Device\SFTPLAY"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_8087&PID_0020#5&49141c1&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&349cc3d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5aea11c7-4440-11e0-811a-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{e849804e-c719-43d8-ac88-96b894c191e2}"
.\debug.cpp(400) : Destination "\Device\00000064"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0BDA&PID_5801#0x0001#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) : Destination "\Device\AgileVPN"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Q:"
.\debug.cpp(400) : Destination "\Device\SftVol"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination "\Device\PEAuth"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) : Destination "\Device\IPSECDOSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#SEC4251#4&348851d1&0&UID67568640#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination "\Device\00000089"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\iaStor0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_0046&SUBSYS_144C103C&REV_02#3&11583659&0&10#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{954db1c0-4434-11e0-a72e-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_138A&PID_0005#0030f49e4787#{3dad1a1c-7d52-4891-8ca3-ee9aa3902090}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) : Destination "\Device\Video5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMRDR2"
.\debug.cpp(400) : Destination "\Device\SYMRDR2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt"
.\debug.cpp(400) : Destination "\Device\vwififlt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NDMP13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B3C&SUBSYS_144C103C&REV_05#3&11583659&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E9D38193-37D8-4585-B205-052E43440BC9}"
.\debug.cpp(400) : Destination "\Device\NDMP19"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) : Destination "\Device\SPDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilRebootDrv"
.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11122"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\00000089"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000006c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GIDV2"
.\debug.cpp(400) : Destination "\Device\GIDV2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{165878B0-82DB-4A1B-8EF3-CADDEB18DA6B}"
.\debug.cpp(400) : Destination "\Device\NDMP4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000051"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B29&SUBSYS_144C103C&REV_05#3&11583659&0&FA#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EC67CC5B-1F1B-4C00-9CE1-CC3E7052E482}"
.\debug.cpp(400) : Destination "\Device\NDMP6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVENG"
.\debug.cpp(400) : Destination "\Device\NAVENG"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv"
.\debug.cpp(400) : Destination "\Device\EraserCtrlDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition4"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{9a04a928-eee6-11e0-b2f8-b648a668d83d}"
.\debug.cpp(400) : Destination "\Device\SftVol"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000056"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E301A52-AFFA-4F49-B9CA-C79096A1A056}"
.\debug.cpp(400) : Destination "\Device\NDMP15"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0BDA&PID_5801&MI_00#7&1b3daa85&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000087"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_0084&SUBSYS_13158086&REV_00#4&19be82d0&0&00E0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C144C&REV_1004#4&3321c578&0&0001#{5f6b13e4-6814-4fb4-bf50-84cbb4297800}"
.\debug.cpp(400) : Destination "\Device\0000007d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000050"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVEX15"
.\debug.cpp(400) : Destination "\Device\NAVEX15"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1bc81a72&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ01#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000006a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{954db1c0-4434-11e0-a72e-806e6f6e6963}#000000000C800000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C144C&REV_1004#4&3321c578&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination "\Device\0000007d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{86A38196-E599-433B-B5FE-2086F8187637}"
.\debug.cpp(400) : Destination "\Device\NDMP7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{88335445-35BD-43E1-B0BF-0EB37EE381CF}"
.\debug.cpp(400) : Destination "\Device\NDMP18"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination "\clfs"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
.\debug.cpp(400) : Destination "\Device\nativewifip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_0084&SUBSYS_13158086&REV_00#4&19be82d0&0&00E0#{435b6226-1dcc-43b3-887e-217dbaa27ba3}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1E1D#4&17e2c7c3&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomhp_CDDVDW_TS-L633R______________________0200____#4&a572ee5&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\00000064"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VE-UM"
.\debug.cpp(400) : Destination "\Device\VE-UM"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&17e2c7c3&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000078"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMDS"
.\debug.cpp(400) : Destination "\Device\SymDS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5aea11d4-4440-11e0-811a-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_37_-_Intel(R)_Core(TM)_i5_CPU_______M_460__@_2.53GHz#_4#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000069"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) : Destination "\Device\0000005b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0A52C09-F2AB-4E44-BE60-015C8277516B}"
.\debug.cpp(400) : Destination "\Device\NDMP3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E392D218-B599-4665-A572-1F338C65047C}"
.\debug.cpp(400) : Destination "\Device\NDMP1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSPX"
.\debug.cpp(400) : Destination "\Device\SRTSPX"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
.\debug.cpp(400) : Destination "\Device\WwanProt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_138A&PID_0005#0030f49e4787#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8086&DEV_2804&SUBSYS_80860101&REV_1000#4&3321c578&0&0301#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
.\debug.cpp(400) : Destination "\Device\0000007e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination "\Device\NDMP12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B64&SUBSYS_144C103C&REV_06#3&11583659&0&B0#{e2d1ff34-3458-49a9-88da-8e6915ce9be5}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMTDI"
.\debug.cpp(400) : Destination "\Device\SYMTDI"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000050"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination "\Device\WANARPV6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"

 

[empireant]

.\debug.cpp(400) : Destination "\Device\0000005c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMEFA"
.\debug.cpp(400) : Destination "\Device\SYMEFA"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WDdriverDebug"
.\debug.cpp(400) : Destination "\Device\WDdriverDebug"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination "\Device\Nsi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{954db1c0-4434-11e0-a72e-806e6f6e6963}#0000009504800000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : Event "\GLOBAL??\ProcmonExternalLoggerEnabled"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp#5&222aa849&0&02#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000008a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_0084&SUBSYS_13158086&REV_00#4&19be82d0&0&00E0#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume4"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymIDSCo"
.\debug.cpp(400) : Destination "\Device\SymIDSCo"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\0000005a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMRDRSEC"
.\debug.cpp(400) : Destination "\Device\SYMRDRSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination "\Device\Secdrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#SEC4251#4&348851d1&0&UID67568640#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) : Destination "\Device\00000089"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_37_-_Intel(R)_Core(TM)_i5_CPU_______M_460__@_2.53GHz#_3#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000068"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CF34AD8A-A0EB-4FCC-945B-F9E1E30A8EF2}"
.\debug.cpp(400) : Destination "\Device\NDMP8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp#5&222aa849&0&02#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000008a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination "\Device\NXTIPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DF4A9D2C-8742-4EB1-8703-D395C4183F33}"
.\debug.cpp(400) : Destination "\Device\NDMP16"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) : Destination "\Device\TeredoTun"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_8087&PID_0020#5&2cff0e13&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8086&DEV_2804&SUBSYS_80860101&REV_1000#4&3321c578&0&0301#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\0000007e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C144C&REV_1004#4&3321c578&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\0000007d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination "\Device\SstpDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST9640320AS_____________________________0002HPM1#4&a572ee5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270}"
.\debug.cpp(400) : Destination "\Device\NDMP17"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination "\Device\WFP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{361DE49F-0012-4FF0-B94D-D7F6E528779A}"
.\debug.cpp(400) : Destination "\Device\NDMP2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination "\Device\MPS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination "\Device\WfpAle"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination "\Device\ProcessManagement"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0BDA&PID_5801&MI_00#7&1b3daa85&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000087"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000051"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_37_-_Intel(R)_Core(TM)_i5_CPU_______M_460__@_2.53GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000066"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B34&SUBSYS_144C103C&REV_05#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C144C&REV_1004#4&3321c578&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BASHDRVCHANNEL"
.\debug.cpp(400) : Destination "\Device\BBDrvDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy9"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination "\Device\PartmgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#HPQ0004#3&11583659&0#{dd2a6682-735e-4e8e-8a59-d9dccf1ebece}"
.\debug.cpp(400) : Destination "\Device\0000006d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&17e2c7c3&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000078"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_37_-_Intel(R)_Core(TM)_i5_CPU_______M_460__@_2.53GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000067"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymEvent"
.\debug.cpp(400) : Destination "\Device\SymEvent"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7B83CEB0-880C-40D2-9863-98AE1152119A}"
.\debug.cpp(400) : Destination "\Device\NDMP5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymIron"
.\debug.cpp(400) : Destination "\Device\SymIron"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp#5&222aa849&0&01#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000008b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination "\Device\NDMP14"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSP"
.\debug.cpp(400) : Destination "\Device\SRTSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B32&SUBSYS_144C103C&REV_05#3&11583659&0&FE#{7f8406d9-ea27-45b0-82bc-f56a58b95910}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000060"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C144C&REV_1004#4&3321c578&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000
.\boot_cleaner.cpp(1061) :
.\boot_cleaner.cpp(1062) : Size Device Name MBR Status
.\boot_cleaner.cpp(1063) : --------------------------------------------
.\boot_cleaner.cpp(1107) : 596 GB \\.\PhysicalDrive0 Controlled by rootkit!
.\boot_cleaner.cpp(1113) :
.\boot_cleaner.cpp(1136) : Boot code on some of your physical disks is hidden by a rootkit.
.\boot_cleaner.cpp(1138) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1139) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1143) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1144) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1147) :
.\boot_cleaner.cpp(1152) : Done;

 

[empireant]

Malwarebytes just blocked a malicious process attempt from the trojan.

 

[Broni]

Re-run TDSSKiller one more time.