Solved Fake AV redirect to 206.161.121.6
- Thread starter JeffreyG
- Start date
Broni
Posts: 56,041 +516
Welcome aboard
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.
Please, observe following rules:
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.05.05
Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
drgewirtz :: DR-OFFICE [administrator]
6/5/2012 11:30:31 AM
mbam-log-2012-06-05 (11-30-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252203
Time elapsed: 8 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
www.malwarebytes.org
Database version: v2012.06.05.05
Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
drgewirtz :: DR-OFFICE [administrator]
6/5/2012 11:30:31 AM
mbam-log-2012-06-05 (11-30-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252203
Time elapsed: 8 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-06-05 15:19:18
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600AAJS-60Z0A0 rev.03.03E03
Running: k4mchwto.exe; Driver: C:\Users\DRGEWI~1\AppData\Local\Temp\pxloqpog.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
Rootkit quick scan 2012-06-05 15:19:18
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600AAJS-60Z0A0 rev.03.03E03
Running: k4mchwto.exe; Driver: C:\Users\DRGEWI~1\AppData\Local\Temp\pxloqpog.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by drgewirtz at 15:22:44 on 2012-06-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1245 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe
C:\Windows\system32\conhost.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\system32\conhost.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\conhost.exe
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by drgewirtz at 15:22:44 on 2012-06-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1245 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe
C:\Windows\system32\conhost.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\system32\conhost.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\conhost.exe
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/25/2010 11:41:21 AM
System Uptime: 6/5/2012 11:40:49 AM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 3047h
Processor: AMD Athlon(tm) II X2 B24 Processor | XU1 PROCESSOR | 780/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 67.822 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.804 GiB free.
E: is CDROM ()
O: is NetworkDisk (NTFS) - 466 GiB total, 46.936 GiB free.
Z: is NetworkDisk (NTFS) - 466 GiB total, 46.936 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&28AAC799&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&28AAC799&0
Service: i8042prt
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&28AAC799&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&28AAC799&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP131: 5/21/2012 10:22:22 AM - Scheduled Checkpoint
RP132: 5/24/2012 11:19:59 PM - HPSF Restore Point
RP143: 6/4/2012 10:06:05 AM - Restore Operation
RP144: 6/5/2012 1:33:04 PM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
AMD Fuel
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
ATI Problem Report Wizard
ATI Stream SDK v2 Developer
Bonjour
Broadcom Management Programs
BufferChm
Carbonite
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
CustomerResearchQFolder
CyberPower PowerPanel Personal Edition 1.2.7
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeviceDiscovery
DeviceManagementQFolder
Dropbox
G3WebToolkit
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Hewlett-Packard ACLM.NET v1.1.1.0
HP Color LaserJet CM2320 MFP Series 3.1
HP Customer Experience Enhancements
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP SkyRoom
HP Support Assistant
HPAsset component for HP Active Support Library
hppCLJCM2320
hppFaxDrvCM2320
hppFaxUtilityCM2320
hppFonts
hppManualsCM2320
hppQFolderCM2320
hppScanToCM2320
hppSendFaxCM2320
hppusgCM2320
HydraVision
iCloud
iTunes
Java(TM) 6 Update 26
LiveUpdate 3.3 (Symantec Corporation)
LogMeIn
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Forefront UAG endpoint components v4.0.0
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton Online Backup
PDF Complete Special Edition
QuickBooks
QuickBooks Pro 2012
QuickTime
RAIDXpert
Realtek High Definition Audio Driver
Remote Graphics Receiver
Remote Graphics Sender
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
SupportSoft Assisted Service
Symantec Endpoint Protection
TigerView Professional
TRAKnet PM
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WebReg
.
==== Event Viewer Messages From Past Week ========
.
6/5/2012 9:21:45 AM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
6/5/2012 9:01:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
6/5/2012 9:01:37 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/5/2012 9:01:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/5/2012 8:59:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
6/5/2012 8:46:15 AM, Error: Microsoft-Windows-GroupPolicy [1006] - The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
6/5/2012 8:35:39 AM, Error: Service Control Manager [7023] - The Application Experience service terminated with the following error: Not enough storage is available to process this command.
6/5/2012 6:39:00 AM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
6/5/2012 12:07:43 AM, Error: Service Control Manager [7023] - The Multimedia Class Scheduler service terminated with the following error: Not enough storage is available to process this command.
6/5/2012 11:42:57 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
6/5/2012 11:41:28 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain DR due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
6/5/2012 11:36:26 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/5/2012 11:27:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/5/2012 11:27:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/5/2012 11:27:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/5/2012 11:27:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/5/2012 11:27:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/5/2012 11:27:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
6/5/2012 11:27:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/5/2012 11:27:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache eeCtrl SPBBCDrv spldr SRTSP SRTSPX SYMTDI Wanarpv6
6/5/2012 11:20:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
6/5/2012 11:20:06 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/5/2012 11:19:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
6/5/2012 11:19:37 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/5/2012 11:19:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
6/5/2012 11:19:08 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/5/2012 11:18:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
6/5/2012 10:10:23 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.
6/5/2012 10:08:37 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A thread could not be created for the service.
6/5/2012 1:31:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/5/2012 1:31:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
6/5/2012 1:31:36 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/4/2012 9:26:53 AM, Error: Service Control Manager [7023] - The Shell Hardware Detection service terminated with the following error: Not enough storage is available to process this command.
6/4/2012 9:02:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1054" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/4/2012 8:53:32 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
6/4/2012 8:52:54 AM, Error: AeLookupSvc [1] - The Application Experience Lookup service failed to initialize.
6/1/2012 8:49:45 AM, Error: Service Control Manager [7034] - The Application Management service terminated unexpectedly. It has done this 1 time(s).
5/31/2012 4:00:29 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
5/31/2012 3:38:02 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
5/31/2012 3:23:00 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
.
==== End Of File ===========================
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/25/2010 11:41:21 AM
System Uptime: 6/5/2012 11:40:49 AM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 3047h
Processor: AMD Athlon(tm) II X2 B24 Processor | XU1 PROCESSOR | 780/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 67.822 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.804 GiB free.
E: is CDROM ()
O: is NetworkDisk (NTFS) - 466 GiB total, 46.936 GiB free.
Z: is NetworkDisk (NTFS) - 466 GiB total, 46.936 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&28AAC799&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&28AAC799&0
Service: i8042prt
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&28AAC799&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&28AAC799&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP131: 5/21/2012 10:22:22 AM - Scheduled Checkpoint
RP132: 5/24/2012 11:19:59 PM - HPSF Restore Point
RP143: 6/4/2012 10:06:05 AM - Restore Operation
RP144: 6/5/2012 1:33:04 PM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
AMD Fuel
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
ATI Problem Report Wizard
ATI Stream SDK v2 Developer
Bonjour
Broadcom Management Programs
BufferChm
Carbonite
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
CustomerResearchQFolder
CyberPower PowerPanel Personal Edition 1.2.7
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeviceDiscovery
DeviceManagementQFolder
Dropbox
G3WebToolkit
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Hewlett-Packard ACLM.NET v1.1.1.0
HP Color LaserJet CM2320 MFP Series 3.1
HP Customer Experience Enhancements
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP SkyRoom
HP Support Assistant
HPAsset component for HP Active Support Library
hppCLJCM2320
hppFaxDrvCM2320
hppFaxUtilityCM2320
hppFonts
hppManualsCM2320
hppQFolderCM2320
hppScanToCM2320
hppSendFaxCM2320
hppusgCM2320
HydraVision
iCloud
iTunes
Java(TM) 6 Update 26
LiveUpdate 3.3 (Symantec Corporation)
LogMeIn
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Forefront UAG endpoint components v4.0.0
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton Online Backup
PDF Complete Special Edition
QuickBooks
QuickBooks Pro 2012
QuickTime
RAIDXpert
Realtek High Definition Audio Driver
Remote Graphics Receiver
Remote Graphics Sender
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
SupportSoft Assisted Service
Symantec Endpoint Protection
TigerView Professional
TRAKnet PM
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WebReg
.
==== Event Viewer Messages From Past Week ========
.
6/5/2012 9:21:45 AM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
6/5/2012 9:01:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
6/5/2012 9:01:37 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/5/2012 9:01:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/5/2012 8:59:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
6/5/2012 8:46:15 AM, Error: Microsoft-Windows-GroupPolicy [1006] - The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
6/5/2012 8:35:39 AM, Error: Service Control Manager [7023] - The Application Experience service terminated with the following error: Not enough storage is available to process this command.
6/5/2012 6:39:00 AM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
6/5/2012 12:07:43 AM, Error: Service Control Manager [7023] - The Multimedia Class Scheduler service terminated with the following error: Not enough storage is available to process this command.
6/5/2012 11:42:57 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
6/5/2012 11:41:28 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain DR due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
6/5/2012 11:36:26 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/5/2012 11:27:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/5/2012 11:27:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/5/2012 11:27:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/5/2012 11:27:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/5/2012 11:27:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/5/2012 11:27:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
6/5/2012 11:27:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/5/2012 11:27:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache eeCtrl SPBBCDrv spldr SRTSP SRTSPX SYMTDI Wanarpv6
6/5/2012 11:20:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
6/5/2012 11:20:06 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/5/2012 11:19:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
6/5/2012 11:19:37 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/5/2012 11:19:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
6/5/2012 11:19:08 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/5/2012 11:18:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
6/5/2012 10:10:23 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.
6/5/2012 10:08:37 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A thread could not be created for the service.
6/5/2012 1:31:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/5/2012 1:31:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
6/5/2012 1:31:36 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:29:49 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/5/2012 1:29:48 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/4/2012 9:26:53 AM, Error: Service Control Manager [7023] - The Shell Hardware Detection service terminated with the following error: Not enough storage is available to process this command.
6/4/2012 9:02:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1054" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/4/2012 8:53:32 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
6/4/2012 8:52:54 AM, Error: AeLookupSvc [1] - The Application Experience Lookup service failed to initialize.
6/1/2012 8:49:45 AM, Error: Service Control Manager [7034] - The Application Management service terminated unexpectedly. It has done this 1 time(s).
5/31/2012 4:00:29 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
5/31/2012 3:38:02 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
5/31/2012 3:23:00 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
.
==== End Of File ===========================
Broni
Posts: 56,041 +516
Download Bootkit Remover to your desktop.
=======================================================
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
- Unzip downloaded file to your Desktop.
- Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
- It will show a Black screen with some data on it.
- Right click on the screen and click Select All.
- Press CTRL+C
- Open a Notepad and press CTRL+V
- Post the output back here.
=======================================================
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-05 15:38:31
-----------------------------
15:38:31.365 OS Version: Windows 6.1.7601 Service Pack 1
15:38:31.365 Number of processors: 2 586 0x602
15:38:31.365 ComputerName: DR-OFFICE UserName: drgewirtz
15:38:34.220 Initialize success
15:44:11.953 AVAST engine defs: 12060501
15:45:13.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:45:13.187 Disk 0 Vendor: WDC_WD1600AAJS-60Z0A0 03.03E03 Size: 152627MB BusType: 11
15:45:13.187 Disk 0 MBR read successfully
15:45:13.187 Disk 0 MBR scan
15:45:13.203 Disk 0 Windows 7 default MBR code
15:45:13.203 Disk 0 MBR hidden
15:45:13.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 2047 MB offset 2048
15:45:13.234 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 143209 MB offset 4194304
15:45:13.265 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 7360 MB offset 297486336
15:45:13.265 Disk 0 scanning sectors +312559616
15:45:13.343 Disk 0 scanning C:\Windows\system32\drivers
15:45:26.480 Service scanning
15:45:54.110 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
15:45:54.874 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
15:45:59.710 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
15:45:59.804 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
15:46:00.881 Modules scanning
15:46:23.565 Disk 0 trace - called modules:
15:46:23.565 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868b44b1]<<
15:46:23.580 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8658c030]
15:46:23.580 3 CLASSPNP.SYS[8b3b159e] -> nt!IofCallDriver -> [0x868d3028]
15:46:23.596 \Driver\atapi[0x86845798] -> IRP_MJ_CREATE -> 0x868b44b1
15:46:25.047 AVAST engine scan C:\Windows
15:46:28.291 AVAST engine scan C:\Windows\system32
15:50:57.319 AVAST engine scan C:\Windows\system32\drivers
15:51:12.234 AVAST engine scan C:\Users\drgewirtz
15:57:36.504 Disk 0 MBR has been saved successfully to "C:\Users\drgewirtz\Desktop\MBR.dat"
15:57:36.519 The log file has been saved successfully to "C:\Users\drgewirtz\Desktop\aswMBR.txt"
Run date: 2012-06-05 15:38:31
-----------------------------
15:38:31.365 OS Version: Windows 6.1.7601 Service Pack 1
15:38:31.365 Number of processors: 2 586 0x602
15:38:31.365 ComputerName: DR-OFFICE UserName: drgewirtz
15:38:34.220 Initialize success
15:44:11.953 AVAST engine defs: 12060501
15:45:13.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:45:13.187 Disk 0 Vendor: WDC_WD1600AAJS-60Z0A0 03.03E03 Size: 152627MB BusType: 11
15:45:13.187 Disk 0 MBR read successfully
15:45:13.187 Disk 0 MBR scan
15:45:13.203 Disk 0 Windows 7 default MBR code
15:45:13.203 Disk 0 MBR hidden
15:45:13.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 2047 MB offset 2048
15:45:13.234 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 143209 MB offset 4194304
15:45:13.265 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 7360 MB offset 297486336
15:45:13.265 Disk 0 scanning sectors +312559616
15:45:13.343 Disk 0 scanning C:\Windows\system32\drivers
15:45:26.480 Service scanning
15:45:54.110 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
15:45:54.874 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
15:45:59.710 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
15:45:59.804 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
15:46:00.881 Modules scanning
15:46:23.565 Disk 0 trace - called modules:
15:46:23.565 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868b44b1]<<
15:46:23.580 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8658c030]
15:46:23.580 3 CLASSPNP.SYS[8b3b159e] -> nt!IofCallDriver -> [0x868d3028]
15:46:23.596 \Driver\atapi[0x86845798] -> IRP_MJ_CREATE -> 0x868b44b1
15:46:25.047 AVAST engine scan C:\Windows
15:46:28.291 AVAST engine scan C:\Windows\system32
15:50:57.319 AVAST engine scan C:\Windows\system32\drivers
15:51:12.234 AVAST engine scan C:\Users\drgewirtz
15:57:36.504 Disk 0 MBR has been saved successfully to "C:\Users\drgewirtz\Desktop\MBR.dat"
15:57:36.519 The log file has been saved successfully to "C:\Users\drgewirtz\Desktop\aswMBR.txt"
\debug.cpp(238) : Debug log started at 05.06.2012 - 19:36:53
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.1
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82c56000 0x00412000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x82c1f000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x868fb000 0x00003000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x8322d000 0x0000b000 "\SystemRoot\system32\mcupdate_AuthenticAMD.dll"
.\debug.cpp(256) : 0x83238000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x83249000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x83251000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x83293000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8333e000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x833af000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x8341a000 0x00048000 "\SystemRoot\system32\drivers\ACPI.sys"
.\debug.cpp(256) : 0x83462000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x8346b000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x83473000 0x0002a000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x8349d000 0x0000b000 "\SystemRoot\system32\drivers\vdrvroot.sys"
.\debug.cpp(256) : 0x834a8000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x834b9000 0x00008000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x834c1000 0x0000b000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x834cc000 0x00010000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0x834dc000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x83527000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8353d000 0x0002a000 "\SystemRoot\system32\drivers\vmbus.sys"
.\debug.cpp(256) : 0x83567000 0x00012000 "\SystemRoot\system32\drivers\winhv.sys"
.\debug.cpp(256) : 0x83579000 0x00009000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0x83582000 0x00023000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0x835a5000 0x0000a000 "\SystemRoot\system32\drivers\msahci.sys"
.\debug.cpp(256) : 0x835af000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0x835bd000 0x00009000 "\SystemRoot\system32\drivers\amdxata.sys"
.\debug.cpp(256) : 0x835c6000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x83400000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x83631000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x83760000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x8378b000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8379e000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x83600000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x8360e000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x8b238000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8b2ef000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8b32d000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x8b42e000 0x0014b000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8b579000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8b5aa000 0x00009000 "\SystemRoot\system32\drivers\vmstorfl.sys"
.\debug.cpp(256) : 0x8b5b3000 0x0003f000 "\SystemRoot\system32\drivers\volsnap.sys"
.\debug.cpp(256) : 0x8b5f2000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8b400000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8b352000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8b362000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x8b36a000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x8b39c000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x8b3ad000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8b3d2000 0x00008000 "\SystemRoot\system32\DRIVERS\AtiPcie.sys"
.\debug.cpp(256) : 0x833bd000 0x00043000 "\SystemRoot\system32\DRIVERS\ahcix86s.sys"
.\debug.cpp(256) : 0x8b62c000 0x00048000 "\SystemRoot\system32\DRIVERS\storport.sys"
.\debug.cpp(256) : 0x8b6a7000 0x0001f000 "\SystemRoot\system32\drivers\cdrom.sys"
.\debug.cpp(256) : 0x8b6c6000 0x0004b000 "\SystemRoot\System32\Drivers\SRTSP.SYS"
.\debug.cpp(256) : 0x94229000 0x0014e000 "\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101028.041\NAVEX15.SYS"
.\debug.cpp(256) : 0x94377000 0x00025000 "\??\C:\Windows\system32\Drivers\SYMEVENT.SYS"
.\debug.cpp(256) : 0x9439c000 0x00014000 "\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101028.041\NAVENG.SYS"
.\debug.cpp(256) : 0x943b0000 0x0000a000 "\SystemRoot\System32\Drivers\SRTSPX.SYS"
.\debug.cpp(256) : 0x943ba000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x943c1000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x943c8000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x943d4000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x94200000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x9420d000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x94215000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x9421d000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x943f5000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8b711000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x8b71f000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8b736000 0x0000c000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x8b742000 0x0002d000 "\SystemRoot\System32\Drivers\SYMTDI.SYS"
.\debug.cpp(256) : 0x8b76f000 0x0000e000 "\??\C:\Windows\system32\drivers\wpsdrvnt.sys"
.\debug.cpp(256) : 0x8b77d000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x8b200000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x8b7d7000 0x00009000 "\SystemRoot\system32\drivers\ws2ifsl.sys"
.\debug.cpp(256) : 0x8b7e0000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x8b600000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x8b7e7000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x8b3da000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0x83617000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x83200000 0x00011000 "\SystemRoot\system32\drivers\termdd.sys"
.\debug.cpp(256) : 0x9c60a000 0x0006a000 "\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys"
.\debug.cpp(256) : 0x9c674000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x9c6b5000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x9c6bf000 0x0000a000 "\SystemRoot\system32\drivers\mssmbios.sys"
.\debug.cpp(256) : 0x9c6c9000 0x0005e000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys"
.\debug.cpp(256) : 0x9c727000 0x0001d000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"
.\debug.cpp(256) : 0x9c744000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x9c750000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x9c768000 0x00014000 "\SystemRoot\system32\DRIVERS\ctxusbm.sys"
.\debug.cpp(256) : 0x9c77c000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x9c7e0000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x9dc22000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x9dc43000 0x0003e000 "\SystemRoot\system32\DRIVERS\atikmpag.sys"
.\debug.cpp(256) : 0x9e034000 0x006a7000 "\SystemRoot\system32\DRIVERS\atikmdag.sys"
.\debug.cpp(256) : 0x9e6db000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x9e792000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x9dc81000 0x00041000 "\SystemRoot\system32\DRIVERS\b57nd60x.sys"
.\debug.cpp(256) : 0x9e7cb000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x9e7d1000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0x9dcc2000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x9e7db000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x9e000000 0x0001f000 "\SystemRoot\system32\drivers\HDAudBus.sys"
.\debug.cpp(256) : 0x9e01f000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x9e7ea000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x9dd25000 0x00018000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0x9dd3d000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0x9dd47000 0x0000c000 "\SystemRoot\system32\drivers\tpm.sys"
.\debug.cpp(256) : 0x9dd53000 0x00011000 "\SystemRoot\system32\DRIVERS\amdppm.sys"
.\debug.cpp(256) : 0x9e7f7000 0x00009000 "\SystemRoot\system32\drivers\wmiacpi.sys"
.\debug.cpp(256) : 0x9dd64000 0x0000d000 "\SystemRoot\system32\drivers\CompositeBus.sys"
.\debug.cpp(256) : 0x9e02c000 0x00001000 "\SystemRoot\system32\DRIVERS\lmimirr.sys"
.\debug.cpp(256) : 0x9dd71000 0x00008000 "\SystemRoot\system32\DRIVERS\serscan.sys"
.\debug.cpp(256) : 0x9dd79000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x9dd8b000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x9dda3000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x9ddae000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x9ddd0000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x9dde8000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x9dc00000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x9dc17000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x9fc0a000 0x00022000 "\SystemRoot\system32\DRIVERS\teefer2.sys"
.\debug.cpp(256) : 0x9fc2c000 0x00002000 "\SystemRoot\system32\drivers\swenum.sys"
.\debug.cpp(256) : 0x9fc2e000 0x00034000 "\SystemRoot\system32\drivers\ks.sys"
.\debug.cpp(256) : 0x9fc62000 0x00010000 "\SystemRoot\system32\DRIVERS\amdiox86.sys"
.\debug.cpp(256) : 0x9fc72000 0x0000e000 "\SystemRoot\system32\drivers\umbus.sys"
.\debug.cpp(256) : 0x9fc80000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x9fcc4000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xa0828000 0x0033c000 "\SystemRoot\system32\drivers\RTKVHDA.sys"
.\debug.cpp(256) : 0xa0b64000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xa0b93000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xa0bac000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0xa0bb9000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0xa0bc4000 0x0000a000 "\SystemRoot\System32\Drivers\dump_msahci.sys"
.\debug.cpp(256) : 0xa0bce000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0xa0bdf000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xa0bf6000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xa2040000 0x00250000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xa0800000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xa080a000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbprint.sys"
.\debug.cpp(256) : 0xa0815000 0x0000e000 "\SystemRoot\system32\DRIVERS\usbscan.sys"
.\debug.cpp(256) : 0xa0823000 0x00003000 "\SystemRoot\system32\DRIVERS\BrUsbSer.sys"
.\debug.cpp(256) : 0x9fcd5000 0x00043000 "\SystemRoot\system32\DRIVERS\BrSerId.sys"
.\debug.cpp(256) : 0x9fd18000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys"
.\debug.cpp(256) : 0x9fd25000 0x0000b000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x9fd30000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xa0bf8000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x9fd43000 0x0000c000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0x9fd4f000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x9fd5a000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0xa22a0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0xa22d0000 0x0001e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x9fd65000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x9fd80000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x9fd9a000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x9fdaa000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0xaac18000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0xaac9d000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0xaacb6000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0xaacc8000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xaaceb000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0xaad26000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0xaad41000 0x00007000 "\SystemRoot\system32\DRIVERS\parvdm.sys"
.\debug.cpp(256) : 0xaad70000 0x00002000 "\??\C:\Program Files\LogMeIn\x86\RaInfo.sys"
.\debug.cpp(256) : 0xaad72000 0x0000a000 "\??\C:\Windows\system32\drivers\LMIRfsDriver.sys"
.\debug.cpp(256) : 0xb0605000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0xb069c000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0xb06a6000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0xb06c7000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0xb06d4000 0x00050000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0xb0724000 0x00052000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xb0776000 0x00005000 "\SystemRoot\System32\Drivers\SYMREDRV.SYS"
.\debug.cpp(256) : 0xb07a3000 0x00019000 "\??\C:\Users\DRGEWI~1\AppData\Local\Temp\pxloqpog.sys"
.\debug.cpp(256) : 0xb07bc000 0x00028000 "\??\C:\Windows\system32\drivers\WpsHelper.sys"
.\debug.cpp(256) : 0xb07e4000 0x00007000 "\??\C:\Users\DRGEWI~1\AppData\Local\Temp\mbr.sys"
.\debug.cpp(256) : 0x77350000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x48260000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x77590000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x00580000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x77560000 0x00019000 "\Windows\System32\sechost.dll"
.\debug.cpp(256) : 0x77250000 0x000f5000 "\Windows\System32\wininet.dll"
.\debug.cpp(256) : 0x77540000 0x0001f000 "\Windows\System32\imm32.dll"
.\debug.cpp(256) : 0x774c0000 0x0007b000 "\Windows\System32\comdlg32.dll"
.\debug.cpp(256) : 0x77200000 0x0004e000 "\Windows\System32\gdi32.dll"
.\debug.cpp(256) : 0x77170000 0x0008f000 "\Windows\System32\oleaut32.dll"
.\debug.cpp(256) : 0x77030000 0x00137000 "\Windows\System32\urlmon.dll"
.\debug.cpp(256) : 0x76e30000 0x001fe000 "\Windows\System32\iertutil.dll"
.\debug.cpp(256) : 0x76df0000 0x00035000 "\Windows\System32\ws2_32.dll"
.\debug.cpp(256) : 0x76d90000 0x00057000 "\Windows\System32\shlwapi.dll"
.\debug.cpp(256) : 0x774b0000 0x00003000 "\Windows\System32\normaliz.dll"
.\debug.cpp(256) : 0x76cc0000 0x000cc000 "\Windows\System32\msctf.dll"
.\debug.cpp(256) : 0x76b60000 0x0015c000 "\Windows\System32\ole32.dll"
.\debug.cpp(256) : 0x76a90000 0x000c9000 "\Windows\System32\user32.dll"
.\debug.cpp(256) : 0x774a0000 0x0000a000 "\Windows\System32\lpk.dll"
.\debug.cpp(256) : 0x76a30000 0x00052000 "\Windows\System32\difxapi.dll"
.\debug.cpp(256) : 0x76a00000 0x0002a000 "\Windows\System32\imagehlp.dll"
.\debug.cpp(256) : 0x76950000 0x000ac000 "\Windows\System32\msvcrt.dll"
.\debug.cpp(256) : 0x76870000 0x000d4000 "\Windows\System32\kernel32.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2A8A3CD7-8F53-4A05-89EC-4A88ABE54710}"
.\debug.cpp(400) : Destination "\Device\NDMP17"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3047&REV_1001#4&213c3f7e&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_01&Col02#7&26907326&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) : Destination "\Device\AgileVPN"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CtxUsbMonitor"
.\debug.cpp(400) : Destination "\Device\CtxUsbMonitor"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&321d467b&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9710&SUBSYS_3047103C&REV_00#4&26e05a9c&0&2808#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1f8c4de5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000055"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymEvent"
.\debug.cpp(400) : Destination "\Device\SymEvent"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{42E0AB8B-0713-409B-8232-95614B27EFCB}"
.\debug.cpp(400) : Destination "\Device\NDMP5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1953fc68-e067-11df-b9cd-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1953fc74-e067-11df-b9cd-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Teefer2"
.\debug.cpp(400) : Destination "\Device\Teefer2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4396&SUBSYS_3047103C&REV_00#3&21436425&0&9A#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_1681&SUBSYS_3047103C&REV_10#4&2d1d473b&0&0050#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination "\Device\ProcessManagement"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3047&REV_1001#4&213c3f7e&0&0001#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3047&REV_1001#4&213c3f7e&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#IMAGE#0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\0000000a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMIRfsCommunicationDevice"
.\debug.cpp(400) : Destination "\Device\LMIRFS\Communication"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination "\Device\ParallelVdm0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#HWP2842#5&14e2a111&0&UID256#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) : Destination "\Device\00000091"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) : Destination "\Device\Video5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_1681&SUBSYS_3047103C&REV_10#4&2d1d473b&0&0050#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_00#7&39c08f64&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000089"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY7"
.\debug.cpp(400) : Destination "\Device\Video6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3047&REV_1001#4&213c3f7e&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2cddaac1&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F9&PID_01A6&MI_00#6&3709143b&0&0000#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) : Destination "\Device\SPDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi5:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&24e763d6&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination "\Device\Serial0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) : Destination "\Device\TeredoTun"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination "\Device\PEAuth"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000054"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.1
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82c56000 0x00412000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x82c1f000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x868fb000 0x00003000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x8322d000 0x0000b000 "\SystemRoot\system32\mcupdate_AuthenticAMD.dll"
.\debug.cpp(256) : 0x83238000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x83249000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x83251000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x83293000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8333e000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x833af000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x8341a000 0x00048000 "\SystemRoot\system32\drivers\ACPI.sys"
.\debug.cpp(256) : 0x83462000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x8346b000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x83473000 0x0002a000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x8349d000 0x0000b000 "\SystemRoot\system32\drivers\vdrvroot.sys"
.\debug.cpp(256) : 0x834a8000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x834b9000 0x00008000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x834c1000 0x0000b000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x834cc000 0x00010000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0x834dc000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x83527000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8353d000 0x0002a000 "\SystemRoot\system32\drivers\vmbus.sys"
.\debug.cpp(256) : 0x83567000 0x00012000 "\SystemRoot\system32\drivers\winhv.sys"
.\debug.cpp(256) : 0x83579000 0x00009000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0x83582000 0x00023000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0x835a5000 0x0000a000 "\SystemRoot\system32\drivers\msahci.sys"
.\debug.cpp(256) : 0x835af000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0x835bd000 0x00009000 "\SystemRoot\system32\drivers\amdxata.sys"
.\debug.cpp(256) : 0x835c6000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x83400000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x83631000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x83760000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x8378b000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8379e000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x83600000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x8360e000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x8b238000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8b2ef000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8b32d000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x8b42e000 0x0014b000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8b579000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8b5aa000 0x00009000 "\SystemRoot\system32\drivers\vmstorfl.sys"
.\debug.cpp(256) : 0x8b5b3000 0x0003f000 "\SystemRoot\system32\drivers\volsnap.sys"
.\debug.cpp(256) : 0x8b5f2000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8b400000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8b352000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8b362000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x8b36a000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x8b39c000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x8b3ad000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8b3d2000 0x00008000 "\SystemRoot\system32\DRIVERS\AtiPcie.sys"
.\debug.cpp(256) : 0x833bd000 0x00043000 "\SystemRoot\system32\DRIVERS\ahcix86s.sys"
.\debug.cpp(256) : 0x8b62c000 0x00048000 "\SystemRoot\system32\DRIVERS\storport.sys"
.\debug.cpp(256) : 0x8b6a7000 0x0001f000 "\SystemRoot\system32\drivers\cdrom.sys"
.\debug.cpp(256) : 0x8b6c6000 0x0004b000 "\SystemRoot\System32\Drivers\SRTSP.SYS"
.\debug.cpp(256) : 0x94229000 0x0014e000 "\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101028.041\NAVEX15.SYS"
.\debug.cpp(256) : 0x94377000 0x00025000 "\??\C:\Windows\system32\Drivers\SYMEVENT.SYS"
.\debug.cpp(256) : 0x9439c000 0x00014000 "\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101028.041\NAVENG.SYS"
.\debug.cpp(256) : 0x943b0000 0x0000a000 "\SystemRoot\System32\Drivers\SRTSPX.SYS"
.\debug.cpp(256) : 0x943ba000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x943c1000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x943c8000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x943d4000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x94200000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x9420d000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x94215000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x9421d000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x943f5000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8b711000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x8b71f000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8b736000 0x0000c000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x8b742000 0x0002d000 "\SystemRoot\System32\Drivers\SYMTDI.SYS"
.\debug.cpp(256) : 0x8b76f000 0x0000e000 "\??\C:\Windows\system32\drivers\wpsdrvnt.sys"
.\debug.cpp(256) : 0x8b77d000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x8b200000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x8b7d7000 0x00009000 "\SystemRoot\system32\drivers\ws2ifsl.sys"
.\debug.cpp(256) : 0x8b7e0000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x8b600000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x8b7e7000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x8b3da000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0x83617000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x83200000 0x00011000 "\SystemRoot\system32\drivers\termdd.sys"
.\debug.cpp(256) : 0x9c60a000 0x0006a000 "\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys"
.\debug.cpp(256) : 0x9c674000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x9c6b5000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x9c6bf000 0x0000a000 "\SystemRoot\system32\drivers\mssmbios.sys"
.\debug.cpp(256) : 0x9c6c9000 0x0005e000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys"
.\debug.cpp(256) : 0x9c727000 0x0001d000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"
.\debug.cpp(256) : 0x9c744000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x9c750000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x9c768000 0x00014000 "\SystemRoot\system32\DRIVERS\ctxusbm.sys"
.\debug.cpp(256) : 0x9c77c000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x9c7e0000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x9dc22000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x9dc43000 0x0003e000 "\SystemRoot\system32\DRIVERS\atikmpag.sys"
.\debug.cpp(256) : 0x9e034000 0x006a7000 "\SystemRoot\system32\DRIVERS\atikmdag.sys"
.\debug.cpp(256) : 0x9e6db000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x9e792000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x9dc81000 0x00041000 "\SystemRoot\system32\DRIVERS\b57nd60x.sys"
.\debug.cpp(256) : 0x9e7cb000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x9e7d1000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0x9dcc2000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x9e7db000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x9e000000 0x0001f000 "\SystemRoot\system32\drivers\HDAudBus.sys"
.\debug.cpp(256) : 0x9e01f000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x9e7ea000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x9dd25000 0x00018000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0x9dd3d000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0x9dd47000 0x0000c000 "\SystemRoot\system32\drivers\tpm.sys"
.\debug.cpp(256) : 0x9dd53000 0x00011000 "\SystemRoot\system32\DRIVERS\amdppm.sys"
.\debug.cpp(256) : 0x9e7f7000 0x00009000 "\SystemRoot\system32\drivers\wmiacpi.sys"
.\debug.cpp(256) : 0x9dd64000 0x0000d000 "\SystemRoot\system32\drivers\CompositeBus.sys"
.\debug.cpp(256) : 0x9e02c000 0x00001000 "\SystemRoot\system32\DRIVERS\lmimirr.sys"
.\debug.cpp(256) : 0x9dd71000 0x00008000 "\SystemRoot\system32\DRIVERS\serscan.sys"
.\debug.cpp(256) : 0x9dd79000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x9dd8b000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x9dda3000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x9ddae000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x9ddd0000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x9dde8000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x9dc00000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x9dc17000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x9fc0a000 0x00022000 "\SystemRoot\system32\DRIVERS\teefer2.sys"
.\debug.cpp(256) : 0x9fc2c000 0x00002000 "\SystemRoot\system32\drivers\swenum.sys"
.\debug.cpp(256) : 0x9fc2e000 0x00034000 "\SystemRoot\system32\drivers\ks.sys"
.\debug.cpp(256) : 0x9fc62000 0x00010000 "\SystemRoot\system32\DRIVERS\amdiox86.sys"
.\debug.cpp(256) : 0x9fc72000 0x0000e000 "\SystemRoot\system32\drivers\umbus.sys"
.\debug.cpp(256) : 0x9fc80000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x9fcc4000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xa0828000 0x0033c000 "\SystemRoot\system32\drivers\RTKVHDA.sys"
.\debug.cpp(256) : 0xa0b64000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xa0b93000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xa0bac000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0xa0bb9000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0xa0bc4000 0x0000a000 "\SystemRoot\System32\Drivers\dump_msahci.sys"
.\debug.cpp(256) : 0xa0bce000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0xa0bdf000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xa0bf6000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xa2040000 0x00250000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xa0800000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xa080a000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbprint.sys"
.\debug.cpp(256) : 0xa0815000 0x0000e000 "\SystemRoot\system32\DRIVERS\usbscan.sys"
.\debug.cpp(256) : 0xa0823000 0x00003000 "\SystemRoot\system32\DRIVERS\BrUsbSer.sys"
.\debug.cpp(256) : 0x9fcd5000 0x00043000 "\SystemRoot\system32\DRIVERS\BrSerId.sys"
.\debug.cpp(256) : 0x9fd18000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys"
.\debug.cpp(256) : 0x9fd25000 0x0000b000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x9fd30000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xa0bf8000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x9fd43000 0x0000c000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0x9fd4f000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x9fd5a000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0xa22a0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0xa22d0000 0x0001e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x9fd65000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x9fd80000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x9fd9a000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x9fdaa000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0xaac18000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0xaac9d000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0xaacb6000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0xaacc8000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xaaceb000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0xaad26000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0xaad41000 0x00007000 "\SystemRoot\system32\DRIVERS\parvdm.sys"
.\debug.cpp(256) : 0xaad70000 0x00002000 "\??\C:\Program Files\LogMeIn\x86\RaInfo.sys"
.\debug.cpp(256) : 0xaad72000 0x0000a000 "\??\C:\Windows\system32\drivers\LMIRfsDriver.sys"
.\debug.cpp(256) : 0xb0605000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0xb069c000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0xb06a6000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0xb06c7000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0xb06d4000 0x00050000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0xb0724000 0x00052000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xb0776000 0x00005000 "\SystemRoot\System32\Drivers\SYMREDRV.SYS"
.\debug.cpp(256) : 0xb07a3000 0x00019000 "\??\C:\Users\DRGEWI~1\AppData\Local\Temp\pxloqpog.sys"
.\debug.cpp(256) : 0xb07bc000 0x00028000 "\??\C:\Windows\system32\drivers\WpsHelper.sys"
.\debug.cpp(256) : 0xb07e4000 0x00007000 "\??\C:\Users\DRGEWI~1\AppData\Local\Temp\mbr.sys"
.\debug.cpp(256) : 0x77350000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x48260000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x77590000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x00580000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x77560000 0x00019000 "\Windows\System32\sechost.dll"
.\debug.cpp(256) : 0x77250000 0x000f5000 "\Windows\System32\wininet.dll"
.\debug.cpp(256) : 0x77540000 0x0001f000 "\Windows\System32\imm32.dll"
.\debug.cpp(256) : 0x774c0000 0x0007b000 "\Windows\System32\comdlg32.dll"
.\debug.cpp(256) : 0x77200000 0x0004e000 "\Windows\System32\gdi32.dll"
.\debug.cpp(256) : 0x77170000 0x0008f000 "\Windows\System32\oleaut32.dll"
.\debug.cpp(256) : 0x77030000 0x00137000 "\Windows\System32\urlmon.dll"
.\debug.cpp(256) : 0x76e30000 0x001fe000 "\Windows\System32\iertutil.dll"
.\debug.cpp(256) : 0x76df0000 0x00035000 "\Windows\System32\ws2_32.dll"
.\debug.cpp(256) : 0x76d90000 0x00057000 "\Windows\System32\shlwapi.dll"
.\debug.cpp(256) : 0x774b0000 0x00003000 "\Windows\System32\normaliz.dll"
.\debug.cpp(256) : 0x76cc0000 0x000cc000 "\Windows\System32\msctf.dll"
.\debug.cpp(256) : 0x76b60000 0x0015c000 "\Windows\System32\ole32.dll"
.\debug.cpp(256) : 0x76a90000 0x000c9000 "\Windows\System32\user32.dll"
.\debug.cpp(256) : 0x774a0000 0x0000a000 "\Windows\System32\lpk.dll"
.\debug.cpp(256) : 0x76a30000 0x00052000 "\Windows\System32\difxapi.dll"
.\debug.cpp(256) : 0x76a00000 0x0002a000 "\Windows\System32\imagehlp.dll"
.\debug.cpp(256) : 0x76950000 0x000ac000 "\Windows\System32\msvcrt.dll"
.\debug.cpp(256) : 0x76870000 0x000d4000 "\Windows\System32\kernel32.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2A8A3CD7-8F53-4A05-89EC-4A88ABE54710}"
.\debug.cpp(400) : Destination "\Device\NDMP17"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3047&REV_1001#4&213c3f7e&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_01&Col02#7&26907326&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) : Destination "\Device\AgileVPN"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CtxUsbMonitor"
.\debug.cpp(400) : Destination "\Device\CtxUsbMonitor"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&321d467b&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9710&SUBSYS_3047103C&REV_00#4&26e05a9c&0&2808#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1f8c4de5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000055"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymEvent"
.\debug.cpp(400) : Destination "\Device\SymEvent"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{42E0AB8B-0713-409B-8232-95614B27EFCB}"
.\debug.cpp(400) : Destination "\Device\NDMP5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1953fc68-e067-11df-b9cd-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1953fc74-e067-11df-b9cd-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Teefer2"
.\debug.cpp(400) : Destination "\Device\Teefer2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4396&SUBSYS_3047103C&REV_00#3&21436425&0&9A#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_1681&SUBSYS_3047103C&REV_10#4&2d1d473b&0&0050#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination "\Device\ProcessManagement"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3047&REV_1001#4&213c3f7e&0&0001#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3047&REV_1001#4&213c3f7e&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#IMAGE#0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\0000000a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMIRfsCommunicationDevice"
.\debug.cpp(400) : Destination "\Device\LMIRFS\Communication"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination "\Device\ParallelVdm0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#HWP2842#5&14e2a111&0&UID256#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) : Destination "\Device\00000091"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) : Destination "\Device\Video5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_1681&SUBSYS_3047103C&REV_10#4&2d1d473b&0&0050#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_00#7&39c08f64&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000089"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY7"
.\debug.cpp(400) : Destination "\Device\Video6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3047&REV_1001#4&213c3f7e&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2cddaac1&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F9&PID_01A6&MI_00#6&3709143b&0&0000#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) : Destination "\Device\SPDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi5:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&24e763d6&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination "\Device\Serial0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) : Destination "\Device\TeredoTun"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination "\Device\PEAuth"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000054"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??
\PCI#VEN_1002&DEV_4398&SUBSYS_3047103C&REV_00#3&21436425&0&91#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&321d467b&0&2#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{c7b93025-e078-11df-96ad-806e6f6e6963}#0000000080000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{c7b93025-e078-11df-96ad-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Usbscan0"
.\debug.cpp(400) : Destination "\Device\Usbscan0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9710&SUBSYS_3047103C&REV_00#4&26e05a9c&0&2808#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination "\Device\BrSerif0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_6_-_AMD_Athlon(tm)_II_X2_B24_Processor#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD1600AAJS-60Z0A0___________________03.03E03#5&346af5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BBDRVCHANNEL"
.\debug.cpp(400) : Destination "\Device\BBDrvDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_01&Col01#7&26907326&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000008a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0764&PID_0501#5&34357ba7&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#IFX0102#1#{699fb98e-500b-4a5a-ba05-5f26d51168ad}"
.\debug.cpp(400) : Destination "\Device\00000072"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination "\Device\Psched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVEX15"
.\debug.cpp(400) : Destination "\Device\NAVEX15"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy9"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000060"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) : Destination "\Device\NDMP12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_02&Col02#7&136056e8&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3047&REV_1001#4&213c3f7e&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000064"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) : Destination "\Device\0000005b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv"
.\debug.cpp(400) : Destination "\Device\EraserCtrlDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrvI10"
.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&321d467b&0&4#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomhp_DVD-RAM_GH40L________________________RB12____#5&29158457&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\0000005a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) : Destination "\Device\IPSECDOSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&321d467b&0&5#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F9&PID_01A6&MI_01#6&3709143b&0&0001#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\00000080"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4396&SUBSYS_3047103C&REV_00#3&21436425&0&92#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\0000005c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_02&Col03#7&136056e8&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000090"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#4&28aac799&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination "\Device\0000006f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination "\Device\USBFDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_3047103C&REV_00#3&21436425&0&90#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination "\clfs"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\00000070"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000050"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) : Destination "\Device\USBFDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4398&SUBSYS_3047103C&REV_00#3&21436425&0&99#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVENG"
.\debug.cpp(400) : Destination "\Device\NAVENG"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{881D56F2-7722-45F7-B67D-8DEFE437CC24}"
.\debug.cpp(400) : Destination "\Device\NDMP14"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_01&Col03#7&26907326&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSPX"
.\debug.cpp(400) : Destination "\Device\SRTSPX"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination "\Device\Secdrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy10"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1953fc69-e067-11df-b9cd-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{c7b93025-e078-11df-96ad-806e6f6e6963}#0000002376900000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpsHelper"
.\debug.cpp(400) : Destination "\Device\WpsHelper"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&9b04cfb&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy11"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3047&REV_1001#4&213c3f7e&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1675132F-1FD4-438C-85AA-FBF8F91844FE}"
.\debug.cpp(400) : Destination "\Device\NDMP6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F9&PID_01A6&MI_02#6&3709143b&0&0002#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\00000081"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMIInfo"
.\debug.cpp(400) : Destination "\Device\LMIInfo"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&386da790&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DISPLAY#0000#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\00000009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) : Destination "\Device\NDMP13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1953fc67-e067-11df-b9cd-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0764&PID_0501#6&155e60cf&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000084"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WPS"
.\debug.cpp(400) : Destination "\Device\WPS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination "\Device\00000070"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy14"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy14"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F9&PID_01A6&MI_02#6&3709143b&0&0002#{106e82e8-204c-4ff5-938a-78f9fa28cdfd}"
.\debug.cpp(400) : Destination "\Device\00000081"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000057"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000050"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&321d467b&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5C337DC8-B8BA-424C-B8FB-B0401E55E488}"
.\debug.cpp(400) : Destination "\Device\NDMP16"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\pxloqpog"
.\debug.cpp(400) : Destination "\Device\pxloqpog"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_02&Col01#7&136056e8&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000057"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomhp_DVD-RAM_GH40L________________________RB12____#5&29158457&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination "\Device\Nsi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination "\Device\PartmgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) : Destination "\Device\NDMP7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_01&Col04#7&26907326&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination "\Device\NXTIPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2c22aea4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination "\Device\WFP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_00#7&39c08f64&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000089"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NDMP9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1560E7C8-DA86-4CC4-A57D-B60F0985B5A5}"
.\debug.cpp(400) : Destination "\Device\NDMP1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Brother MFC-8860DN Fax Only"
.\debug.cpp(400) : Destination "\Device\00000081"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000056"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination "\Device\WANARPV6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\00000092"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3047&REV_1001#4&213c3f7e&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0001#{1e54ece4-34e9-4761-b176-0e98c94784b2}"
.\debug.cpp(400) : Destination "\Device\00000059"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrv11010"
.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&7ce1422&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMIRfsDevice"
.\debug.cpp(400) : Destination "\Device\LMIRFS\Control"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination "\Device\AscKmd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination "\Device\NamedPipe\Spooler\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymTDI"
.\debug.cpp(400) : Destination "\Device\SymTDI"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination "\Device\NDMP8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination "\Device\MPS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C8764FB7-C92A-4BE1-A064-6C4EA452A6C3}"
.\debug.cpp(400) : Destination "\Device\NDMP3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2FA84AB4-45D1-4F67-B200-B88F10488BEB}"
.\debug.cpp(400) : Destination "\Device\NDMP4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F9&PID_01A6#000L8J815076#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2e100c7d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) : Destination "\Device\NDMP11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\mbr"
.\debug.cpp(400) : Destination "\Device\mbr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSP"
.\debug.cpp(400) : Destination "\Device\SRTSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination "\Device\NDMP10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4399&SUBSYS_3047103C&REV_00#3&21436425&0&A5#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_01&Col01#7&26907326&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000053"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C52B#5&34357ba7&0&3#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_6_-_AMD_Athlon(tm)_II_X2_B24_Processor#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000062"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000056"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000054"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_3047103C&REV_00#3&21436425&0&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination "\Device\SstpDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&321d467b&0&3#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) : Destination "\Device\0000005b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{27571140-1182-46FD-9C02-3428226E1B47}"
.\debug.cpp(400) : Destination "\Device\NDMP2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6C9E3E30-677E-456E-88E0-D503D89EF9E9}"
.\debug.cpp(400) : Destination "\Device\NDMP15"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NONSPOOLED_LPT1"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination "\Device\WfpAle"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F9&PID_01A6&MI_02#6&3709143b&0&0002#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\00000081"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000055"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#HWP2842#5&14e2a111&0&UID256#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination "\Device\00000091"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilRebootDrv"
.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11010"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`80000000
.\boot_cleaner.cpp(1061) :
.\boot_cleaner.cpp(1062) : Size Device Name MBR Status
.\boot_cleaner.cpp(1063) : --------------------------------------------
.\boot_cleaner.cpp(1107) : 149 GB \\.\PhysicalDrive0 Controlled by rootkit!
.\boot_cleaner.cpp(1113) :
.\boot_cleaner.cpp(1136) : Boot code on some of your physical disks is hidden by a rootkit.
.\boot_cleaner.cpp(1138) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1139) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1143) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1144) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1147) :
.\boot_cleaner.cpp(1152) : Done;
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&321d467b&0&2#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{c7b93025-e078-11df-96ad-806e6f6e6963}#0000000080000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{c7b93025-e078-11df-96ad-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Usbscan0"
.\debug.cpp(400) : Destination "\Device\Usbscan0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9710&SUBSYS_3047103C&REV_00#4&26e05a9c&0&2808#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination "\Device\BrSerif0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_6_-_AMD_Athlon(tm)_II_X2_B24_Processor#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD1600AAJS-60Z0A0___________________03.03E03#5&346af5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BBDRVCHANNEL"
.\debug.cpp(400) : Destination "\Device\BBDrvDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_01&Col01#7&26907326&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000008a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0764&PID_0501#5&34357ba7&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#IFX0102#1#{699fb98e-500b-4a5a-ba05-5f26d51168ad}"
.\debug.cpp(400) : Destination "\Device\00000072"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination "\Device\Psched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVEX15"
.\debug.cpp(400) : Destination "\Device\NAVEX15"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy9"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000060"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) : Destination "\Device\NDMP12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_02&Col02#7&136056e8&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3047&REV_1001#4&213c3f7e&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000064"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) : Destination "\Device\0000005b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv"
.\debug.cpp(400) : Destination "\Device\EraserCtrlDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrvI10"
.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&321d467b&0&4#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomhp_DVD-RAM_GH40L________________________RB12____#5&29158457&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\0000005a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) : Destination "\Device\IPSECDOSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&321d467b&0&5#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F9&PID_01A6&MI_01#6&3709143b&0&0001#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\00000080"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4396&SUBSYS_3047103C&REV_00#3&21436425&0&92#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\0000005c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_02&Col03#7&136056e8&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000090"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#4&28aac799&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination "\Device\0000006f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination "\Device\USBFDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_3047103C&REV_00#3&21436425&0&90#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination "\clfs"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\00000070"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000050"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) : Destination "\Device\USBFDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4398&SUBSYS_3047103C&REV_00#3&21436425&0&99#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVENG"
.\debug.cpp(400) : Destination "\Device\NAVENG"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{881D56F2-7722-45F7-B67D-8DEFE437CC24}"
.\debug.cpp(400) : Destination "\Device\NDMP14"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_01&Col03#7&26907326&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSPX"
.\debug.cpp(400) : Destination "\Device\SRTSPX"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination "\Device\Secdrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy10"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1953fc69-e067-11df-b9cd-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{c7b93025-e078-11df-96ad-806e6f6e6963}#0000002376900000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpsHelper"
.\debug.cpp(400) : Destination "\Device\WpsHelper"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&9b04cfb&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy11"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3047&REV_1001#4&213c3f7e&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1675132F-1FD4-438C-85AA-FBF8F91844FE}"
.\debug.cpp(400) : Destination "\Device\NDMP6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F9&PID_01A6&MI_02#6&3709143b&0&0002#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\00000081"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMIInfo"
.\debug.cpp(400) : Destination "\Device\LMIInfo"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&386da790&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DISPLAY#0000#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\00000009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) : Destination "\Device\NDMP13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1953fc67-e067-11df-b9cd-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0764&PID_0501#6&155e60cf&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000084"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WPS"
.\debug.cpp(400) : Destination "\Device\WPS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination "\Device\00000070"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy14"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy14"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F9&PID_01A6&MI_02#6&3709143b&0&0002#{106e82e8-204c-4ff5-938a-78f9fa28cdfd}"
.\debug.cpp(400) : Destination "\Device\00000081"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000057"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000050"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&321d467b&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5C337DC8-B8BA-424C-B8FB-B0401E55E488}"
.\debug.cpp(400) : Destination "\Device\NDMP16"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\pxloqpog"
.\debug.cpp(400) : Destination "\Device\pxloqpog"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_02&Col01#7&136056e8&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000057"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomhp_DVD-RAM_GH40L________________________RB12____#5&29158457&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination "\Device\Nsi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination "\Device\PartmgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) : Destination "\Device\NDMP7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_01&Col04#7&26907326&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination "\Device\NXTIPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2c22aea4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination "\Device\WFP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_00#7&39c08f64&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000089"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NDMP9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1560E7C8-DA86-4CC4-A57D-B60F0985B5A5}"
.\debug.cpp(400) : Destination "\Device\NDMP1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Brother MFC-8860DN Fax Only"
.\debug.cpp(400) : Destination "\Device\00000081"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000056"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination "\Device\WANARPV6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\00000092"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3047&REV_1001#4&213c3f7e&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0001#{1e54ece4-34e9-4761-b176-0e98c94784b2}"
.\debug.cpp(400) : Destination "\Device\00000059"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrv11010"
.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&7ce1422&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMIRfsDevice"
.\debug.cpp(400) : Destination "\Device\LMIRFS\Control"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination "\Device\AscKmd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination "\Device\NamedPipe\Spooler\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymTDI"
.\debug.cpp(400) : Destination "\Device\SymTDI"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination "\Device\NDMP8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination "\Device\MPS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C8764FB7-C92A-4BE1-A064-6C4EA452A6C3}"
.\debug.cpp(400) : Destination "\Device\NDMP3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2FA84AB4-45D1-4F67-B200-B88F10488BEB}"
.\debug.cpp(400) : Destination "\Device\NDMP4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F9&PID_01A6#000L8J815076#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2e100c7d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) : Destination "\Device\NDMP11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\mbr"
.\debug.cpp(400) : Destination "\Device\mbr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSP"
.\debug.cpp(400) : Destination "\Device\SRTSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination "\Device\NDMP10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4399&SUBSYS_3047103C&REV_00#3&21436425&0&A5#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C52B&MI_01&Col01#7&26907326&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000053"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C52B#5&34357ba7&0&3#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_6_-_AMD_Athlon(tm)_II_X2_B24_Processor#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000062"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000056"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000054"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_3047103C&REV_00#3&21436425&0&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination "\Device\SstpDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&321d467b&0&3#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) : Destination "\Device\0000005b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{27571140-1182-46FD-9C02-3428226E1B47}"
.\debug.cpp(400) : Destination "\Device\NDMP2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6C9E3E30-677E-456E-88E0-D503D89EF9E9}"
.\debug.cpp(400) : Destination "\Device\NDMP15"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NONSPOOLED_LPT1"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination "\Device\WfpAle"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F9&PID_01A6&MI_02#6&3709143b&0&0002#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\00000081"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000055"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#HWP2842#5&14e2a111&0&UID256#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination "\Device\00000091"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilRebootDrv"
.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11010"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`80000000
.\boot_cleaner.cpp(1061) :
.\boot_cleaner.cpp(1062) : Size Device Name MBR Status
.\boot_cleaner.cpp(1063) : --------------------------------------------
.\boot_cleaner.cpp(1107) : 149 GB \\.\PhysicalDrive0 Controlled by rootkit!
.\boot_cleaner.cpp(1113) :
.\boot_cleaner.cpp(1136) : Boot code on some of your physical disks is hidden by a rootkit.
.\boot_cleaner.cpp(1138) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1139) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1143) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1144) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1147) :
.\boot_cleaner.cpp(1152) : Done;
Broni
Posts: 56,041 +516
Download TDSSKiller and save it to your desktop.
- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
16:52:58.0275 7856 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
16:52:58.0650 7856 ============================================================
16:52:58.0650 7856 Current date / time: 2012/06/05 16:52:58.0650
16:52:58.0650 7856 SystemInfo:
16:52:58.0650 7856
16:52:58.0650 7856 OS Version: 6.1.7601 ServicePack: 1.0
16:52:58.0650 7856 Product type: Workstation
16:52:58.0650 7856 ComputerName: DR-OFFICE
16:52:58.0650 7856 UserName: drgewirtz
16:52:58.0650 7856 Windows directory: C:\Windows
16:52:58.0650 7856 System windows directory: C:\Windows
16:52:58.0650 7856 Processor architecture: Intel x86
16:52:58.0650 7856 Number of processors: 2
16:52:58.0650 7856 Page size: 0x1000
16:52:58.0650 7856 Boot type: Normal boot
16:52:58.0650 7856 ============================================================
16:52:59.0851 7856 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:52:59.0851 7856 ============================================================
16:52:59.0851 7856 \Device\Harddisk0\DR0:
16:52:59.0851 7856 MBR partitions:
16:52:59.0851 7856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3FF800
16:52:59.0851 7856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x400000, BlocksNum 0x117B4800
16:52:59.0851 7856 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11BB4800, BlocksNum 0xE60000
16:52:59.0851 7856 ============================================================
16:52:59.0882 7856 C: <-> \Device\Harddisk0\DR0\Partition1
16:52:59.0929 7856 D: <-> \Device\Harddisk0\DR0\Partition2
16:52:59.0929 7856 ============================================================
16:52:59.0929 7856 Initialize success
16:52:59.0929 7856 ============================================================
16:53:26.0856 7956 ============================================================
16:53:26.0856 7956 Scan started
16:53:26.0856 7956 Mode: Manual;
16:53:26.0856 7956 ============================================================
16:53:27.0792 7956 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
16:53:27.0823 7956 1394ohci - ok
16:53:27.0886 7956 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
16:53:27.0901 7956 ACPI - ok
16:53:27.0964 7956 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
16:53:27.0964 7956 AcpiPmi - ok
16:53:28.0104 7956 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:53:28.0104 7956 AdobeARMservice - ok
16:53:28.0213 7956 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:53:28.0229 7956 AdobeFlashPlayerUpdateSvc - ok
16:53:28.0307 7956 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:53:28.0323 7956 adp94xx - ok
16:53:28.0354 7956 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:53:28.0385 7956 adpahci - ok
16:53:28.0401 7956 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:53:28.0416 7956 adpu320 - ok
16:53:28.0447 7956 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
16:53:28.0447 7956 AeLookupSvc - ok
16:53:28.0525 7956 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
16:53:28.0525 7956 AFD - ok
16:53:28.0572 7956 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
16:53:28.0572 7956 agp440 - ok
16:53:28.0635 7956 ahcix86s (38bc231bc7424c0559d71e24a56a4032) C:\Windows\system32\DRIVERS\ahcix86s.sys
16:53:28.0650 7956 ahcix86s - ok
16:53:28.0697 7956 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:53:28.0728 7956 aic78xx - ok
16:53:28.0775 7956 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
16:53:28.0775 7956 ALG - ok
16:53:28.0822 7956 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
16:53:28.0837 7956 aliide - ok
16:53:28.0884 7956 AMD External Events Utility (0656b3898c41334e51ef7d1d7a907738) C:\Windows\system32\atiesrxx.exe
16:53:28.0900 7956 AMD External Events Utility - ok
16:53:28.0993 7956 AMD FUEL Service - ok
16:53:29.0056 7956 AMD Reservation Manager (9fe76d783a7d47965d086a220b54277b) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
16:53:29.0071 7956 AMD Reservation Manager - ok
16:53:29.0103 7956 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
16:53:29.0134 7956 amdagp - ok
16:53:29.0134 7956 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
16:53:29.0149 7956 amdide - ok
16:53:29.0196 7956 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
16:53:29.0196 7956 amdiox86 - ok
16:53:29.0227 7956 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:53:29.0243 7956 AmdK8 - ok
16:53:29.0836 7956 amdkmdag (ad046a47ab5ef015a74baf1a42ff09a3) C:\Windows\system32\DRIVERS\atikmdag.sys
16:53:29.0961 7956 amdkmdag - ok
16:53:30.0132 7956 amdkmdap (fa05e9ef58dce49adbab2bb7027f909a) C:\Windows\system32\DRIVERS\atikmpag.sys
16:53:30.0132 7956 amdkmdap - ok
16:53:30.0179 7956 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:53:30.0179 7956 AmdPPM - ok
16:53:30.0241 7956 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
16:53:30.0273 7956 amdsata - ok
16:53:30.0304 7956 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:53:30.0319 7956 amdsbs - ok
16:53:30.0335 7956 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
16:53:30.0335 7956 amdxata - ok
16:53:30.0429 7956 AMD_RAIDXpert (b01289cc07a2e21c4efca722d1efb243) C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe
16:53:30.0429 7956 AMD_RAIDXpert - ok
16:53:30.0475 7956 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
16:53:30.0507 7956 AppID - ok
16:53:30.0553 7956 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
16:53:30.0553 7956 AppIDSvc - ok
16:53:30.0585 7956 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
16:53:30.0585 7956 Appinfo - ok
16:53:30.0725 7956 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:53:30.0725 7956 Apple Mobile Device - ok
16:53:30.0756 7956 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
16:53:30.0756 7956 AppMgmt - ok
16:53:30.0819 7956 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:53:30.0834 7956 arc - ok
16:53:30.0850 7956 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:53:30.0866 7956 arcsas - ok
16:53:30.0990 7956 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:53:31.0068 7956 aspnet_state - ok
16:53:31.0100 7956 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:53:31.0100 7956 AsyncMac - ok
16:53:31.0115 7956 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
16:53:31.0115 7956 atapi - ok
16:53:31.0755 7956 atikmdag (ad046a47ab5ef015a74baf1a42ff09a3) C:\Windows\system32\DRIVERS\atikmdag.sys
16:53:31.0786 7956 atikmdag - ok
16:53:31.0942 7956 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
16:53:31.0942 7956 AtiPcie - ok
16:53:32.0036 7956 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:53:32.0051 7956 AudioEndpointBuilder - ok
16:53:32.0067 7956 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:53:32.0067 7956 Audiosrv - ok
16:53:32.0129 7956 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
16:53:32.0129 7956 AxInstSV - ok
16:53:32.0176 7956 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:53:32.0207 7956 b06bdrv - ok
16:53:32.0254 7956 b57nd60x (6f41a4c5745bb99f89406f57164f099e) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:53:32.0270 7956 b57nd60x - ok
16:53:32.0285 7956 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
16:53:32.0285 7956 BDESVC - ok
16:53:32.0316 7956 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:53:32.0316 7956 Beep - ok
16:53:32.0394 7956 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
16:53:32.0410 7956 BFE - ok
16:53:32.0488 7956 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
16:53:32.0488 7956 BITS - ok
16:53:32.0504 7956 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:53:32.0504 7956 blbdrive - ok
16:53:32.0550 7956 Blfp (d2f8d15f4852920e1f6b769e982414ad) C:\Windows\system32\DRIVERS\basp.sys
16:53:32.0582 7956 Blfp - ok
16:53:32.0722 7956 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:53:32.0722 7956 Bonjour Service - ok
16:53:32.0800 7956 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
16:53:32.0800 7956 bowser - ok
16:53:32.0831 7956 BrcmMgmtAgent (013fe11718a1ed54c57544ac233bfa33) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
16:53:32.0831 7956 BrcmMgmtAgent - ok
16:53:32.0862 7956 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:53:32.0878 7956 BrFiltLo - ok
16:53:32.0878 7956 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:53:32.0894 7956 BrFiltUp - ok
16:53:32.0940 7956 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
16:53:32.0940 7956 Browser - ok
16:53:32.0987 7956 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\system32\DRIVERS\BrSerId.sys
16:53:33.0003 7956 Brserid - ok
16:53:33.0018 7956 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:53:33.0050 7956 BrSerWdm - ok
16:53:33.0065 7956 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:53:33.0081 7956 BrUsbMdm - ok
16:53:33.0081 7956 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\DRIVERS\BrUsbSer.sys
16:53:33.0096 7956 BrUsbSer - ok
16:53:33.0112 7956 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:53:33.0112 7956 BTHMODEM - ok
16:53:33.0252 7956 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
16:53:33.0268 7956 bthserv - ok
16:53:33.0752 7956 CarboniteService (a58b3de1d95e10fc840f635ba9c3f174) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
16:53:33.0767 7956 CarboniteService - ok
16:53:33.0876 7956 ccEvtMgr (260a069f403da226d18c058ad14fd3a3) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
16:53:33.0876 7956 ccEvtMgr - ok
16:53:33.0892 7956 ccSetMgr (260a069f403da226d18c058ad14fd3a3) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
16:53:33.0892 7956 ccSetMgr - ok
16:53:34.0064 7956 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:53:34.0095 7956 cdfs - ok
16:53:34.0157 7956 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
16:53:34.0157 7956 cdrom - ok
16:53:34.0220 7956 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
16:53:34.0220 7956 CertPropSvc - ok
16:53:34.0235 7956 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:53:34.0251 7956 circlass - ok
16:53:34.0298 7956 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:53:34.0313 7956 CLFS - ok
16:53:34.0376 7956 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:53:34.0423 7956 clr_optimization_v2.0.50727_32 - ok
16:53:34.0532 7956 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:53:34.0563 7956 clr_optimization_v4.0.30319_32 - ok
16:53:34.0579 7956 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:53:34.0594 7956 CmBatt - ok
16:53:34.0657 7956 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
16:53:34.0672 7956 cmdide - ok
16:53:34.0735 7956 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
16:53:34.0750 7956 CNG - ok
16:53:34.0766 7956 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:53:34.0766 7956 Compbatt - ok
16:53:34.0828 7956 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
16:53:34.0828 7956 CompositeBus - ok
16:53:34.0844 7956 COMSysApp - ok
16:53:34.0859 7956 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:53:34.0875 7956 crcdisk - ok
16:53:34.0922 7956 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
16:53:34.0922 7956 CryptSvc - ok
16:53:35.0000 7956 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
16:53:35.0000 7956 CSC - ok
16:53:35.0047 7956 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
16:53:35.0062 7956 CscService - ok
16:53:35.0125 7956 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
16:53:35.0140 7956 ctxusbm - ok
16:53:35.0218 7956 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
16:53:35.0218 7956 DcomLaunch - ok
16:53:35.0265 7956 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
16:53:35.0265 7956 defragsvc - ok
16:53:35.0327 7956 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
16:53:35.0327 7956 DfsC - ok
16:53:35.0405 7956 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
16:53:35.0405 7956 Dhcp - ok
16:53:35.0452 7956 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:53:35.0452 7956 discache - ok
16:53:35.0483 7956 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:53:35.0483 7956 Disk - ok
16:53:35.0577 7956 DMService (5aa7259db2bdc4878531621c7e91cdb4) C:\Windows\DOWNLO~1\DMService.exe
16:53:35.0639 7956 DMService - ok
16:53:35.0671 7956 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
16:53:35.0686 7956 Dnscache - ok
16:53:35.0749 7956 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
16:53:35.0749 7956 dot3svc - ok
16:53:35.0811 7956 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
16:53:35.0811 7956 DPS - ok
16:53:35.0842 7956 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:53:35.0858 7956 drmkaud - ok
16:53:35.0967 7956 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
16:53:35.0983 7956 DXGKrnl - ok
16:53:36.0014 7956 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
16:53:36.0014 7956 EapHost - ok
16:53:36.0279 7956 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:53:36.0341 7956 ebdrv - ok
16:53:36.0466 7956 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:53:36.0497 7956 eeCtrl - ok
16:53:36.0638 7956 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
16:53:36.0638 7956 EFS - ok
16:53:36.0731 7956 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
16:53:36.0825 7956 ehRecvr - ok
16:53:36.0841 7956 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
16:53:36.0887 7956 ehSched - ok
16:53:36.0981 7956 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:53:37.0012 7956 elxstor - ok
16:53:37.0121 7956 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:53:37.0153 7956 EraserUtilRebootDrv - ok
16:53:37.0184 7956 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
16:53:37.0199 7956 ErrDev - ok
16:53:37.0246 7956 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
16:53:37.0262 7956 EventSystem - ok
16:53:37.0293 7956 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:53:37.0309 7956 exfat - ok
16:53:37.0324 7956 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:53:37.0340 7956 fastfat - ok
16:53:37.0418 7956 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
16:53:37.0433 7956 Fax - ok
16:53:37.0449 7956 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:53:37.0449 7956 fdc - ok
16:53:37.0465 7956 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
16:53:37.0465 7956 fdPHost - ok
16:53:37.0480 7956 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
16:53:37.0480 7956 FDResPub - ok
16:53:37.0496 7956 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:53:37.0496 7956 FileInfo - ok
16:53:37.0496 7956 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:53:37.0511 7956 Filetrace - ok
16:53:37.0527 7956 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:53:37.0527 7956 flpydisk - ok
16:53:37.0574 7956 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:53:37.0590 7956 FltMgr - ok
16:53:37.0699 7956 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
16:53:37.0730 7956 FontCache - ok
16:53:37.0792 7956 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:53:37.0792 7956 FontCache3.0.0.0 - ok
16:53:37.0824 7956 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:53:37.0839 7956 FsDepends - ok
16:53:37.0886 7956 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
16:53:37.0886 7956 Fs_Rec - ok
16:53:37.0948 7956 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
16:53:37.0948 7956 fvevol - ok
16:53:37.0980 7956 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:53:37.0980 7956 gagp30kx - ok
16:53:38.0042 7956 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:53:38.0058 7956 GEARAspiWDM - ok
16:53:38.0151 7956 GoToAssist (5cc2b1d06ac1962af5fbbcf88d781dd8) C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
16:53:38.0167 7956 GoToAssist - ok
16:53:38.0260 7956 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
16:53:38.0276 7956 gpsvc - ok
16:53:38.0385 7956 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:53:38.0385 7956 gupdate - ok
16:53:38.0401 7956 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:53:38.0401 7956 gupdatem - ok
16:53:38.0432 7956 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:53:38.0479 7956 gusvc - ok
16:53:38.0494 7956 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
16:53:38.0494 7956 hcw85cir - ok
16:53:38.0572 7956 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
16:53:38.0604 7956 HdAudAddService - ok
16:53:38.0635 7956 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
16:53:38.0635 7956 HDAudBus - ok
16:53:38.0650 7956 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
16:53:38.0666 7956 HidBatt - ok
16:53:38.0697 7956 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
16:53:38.0713 7956 HidBth - ok
16:53:38.0744 7956 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
16:53:38.0744 7956 HidIr - ok
16:53:38.0775 7956 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
16:53:38.0775 7956 hidserv - ok
16:53:38.0822 7956 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
16:53:38.0822 7956 HidUsb - ok
16:53:38.0853 7956 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
16:53:38.0853 7956 hkmsvc - ok
16:53:38.0884 7956 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
16:53:38.0884 7956 HomeGroupListener - ok
16:53:38.0931 7956 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
16:53:38.0947 7956 HomeGroupProvider - ok
16:53:39.0072 7956 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
16:53:39.0072 7956 HP Support Assistant Service - ok
16:53:39.0134 7956 Hp.Skyroom.Windows.Service (a1731b1204cd7eb9c244b0a6f89264df) C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
16:53:39.0134 7956 Hp.Skyroom.Windows.Service - ok
16:53:39.0212 7956 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
16:53:39.0212 7956 HPDrvMntSvc.exe - ok
16:53:39.0368 7956 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
16:53:39.0384 7956 hpqcxs08 - ok
16:53:39.0415 7956 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
16:53:39.0430 7956 hpqddsvc - ok
16:53:39.0555 7956 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
16:53:39.0602 7956 hpqwmiex - ok
16:53:39.0742 7956 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
16:53:39.0774 7956 HpSAMD - ok
16:53:39.0867 7956 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
16:53:39.0883 7956 HTTP - ok
16:53:39.0914 7956 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
16:53:39.0914 7956 hwpolicy - ok
16:53:39.0992 7956 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
16:53:40.0008 7956 i8042prt - ok
16:53:40.0086 7956 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
16:53:40.0132 7956 iaStorV - ok
16:53:40.0273 7956 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:53:40.0320 7956 idsvc - ok
16:53:41.0115 7956 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:53:41.0209 7956 igfx - ok
16:53:41.0381 7956 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:53:41.0396 7956 iirsp - ok
16:53:41.0521 7956 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
16:53:41.0521 7956 IKEEXT - ok
16:53:41.0864 7956 IntcAzAudAddService (3e67626ffff2ae1440bd0e94729a9edf) C:\Windows\system32\drivers\RTKVHDA.sys
16:53:41.0927 7956 IntcAzAudAddService - ok
16:53:42.0083 7956 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
16:53:42.0098 7956 intelide - ok
16:53:42.0129 7956 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:53:42.0145 7956 intelppm - ok
16:53:42.0192 7956 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
16:53:42.0192 7956 IPBusEnum - ok
16:53:42.0207 7956 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:53:42.0223 7956 IpFilterDriver - ok
16:53:42.0301 7956 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
16:53:42.0317 7956 iphlpsvc - ok
16:53:42.0348 7956 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
16:53:42.0363 7956 IPMIDRV - ok
16:53:42.0379 7956 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:53:42.0395 7956 IPNAT - ok
16:53:42.0551 7956 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
16:53:42.0566 7956 iPod Service - ok
16:53:42.0582 7956 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:53:42.0582 7956 IRENUM - ok
16:53:42.0629 7956 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
16:53:42.0644 7956 isapnp - ok
16:53:42.0707 7956 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
16:53:42.0722 7956 iScsiPrt - ok
16:53:42.0753 7956 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:53:42.0753 7956 kbdclass - ok
16:53:42.0800 7956 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
16:53:42.0800 7956 kbdhid - ok
16:53:42.0847 7956 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:53:42.0847 7956 KeyIso - ok
16:53:42.0894 7956 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
16:53:42.0909 7956 KSecDD - ok
16:53:42.0956 7956 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
16:53:42.0972 7956 KSecPkg - ok
16:53:43.0019 7956 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
16:53:43.0034 7956 KtmRm - ok
16:53:43.0081 7956 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
16:53:43.0081 7956 LanmanServer - ok
16:53:43.0143 7956 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
16:53:43.0143 7956 LanmanWorkstation - ok
16:53:43.0533 7956 LiveUpdate (6105b28f5d03c4affa7197b228768849) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
16:53:43.0596 7956 LiveUpdate - ok
16:53:43.0736 7956 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:53:43.0752 7956 lltdio - ok
16:53:43.0783 7956 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
16:53:43.0783 7956 lltdsvc - ok
16:53:43.0799 7956 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
16:53:43.0799 7956 lmhosts - ok
16:53:43.0939 7956 LMIGuardianSvc (c2bc96051da4330c1fcf2fe13f60a748) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
16:53:43.0939 7956 LMIGuardianSvc - ok
16:53:43.0986 7956 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
16:53:44.0001 7956 LMIInfo - ok
16:53:44.0033 7956 LMIMaint (8960ac10842199c9dc2ec0956f5a4a8d) C:\Program Files\LogMeIn\x86\RaMaint.exe
16:53:44.0033 7956 LMIMaint - ok
16:53:44.0079 7956 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
16:53:44.0079 7956 lmimirr - ok
16:53:44.0079 7956 LMIRfsClientNP - ok
16:53:44.0095 7956 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
16:53:44.0095 7956 LMIRfsDriver - ok
16:53:44.0173 7956 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
16:53:44.0173 7956 LogMeIn - ok
16:53:44.0204 7956 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:53:44.0220 7956 LSI_FC - ok
16:53:44.0235 7956 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:53:44.0235 7956 LSI_SAS - ok
16:53:44.0251 7956 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:53:44.0267 7956 LSI_SAS2 - ok
16:53:44.0282 7956 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:53:44.0298 7956 LSI_SCSI - ok
16:53:44.0313 7956 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:53:44.0329 7956 luafv - ok
16:53:44.0360 7956 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
16:53:44.0360 7956 Mcx2Svc - ok
16:53:44.0376 7956 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:53:44.0391 7956 megasas - ok
16:53:44.0407 7956 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:53:44.0423 7956 MegaSR - ok
16:53:44.0454 7956 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:53:44.0454 7956 MMCSS - ok
16:53:44.0454 7956 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:53:44.0454 7956 Modem - ok
16:53:44.0501 7956 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
16:53:44.0501 7956 monitor - ok
16:53:44.0548 7956 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
16:53:44.0548 7956 mouclass - ok
16:53:44.0563 7956 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
16:53:44.0563 7956 mouhid - ok
16:53:44.0610 7956 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
16:53:44.0610 7956 mountmgr - ok
16:53:44.0657 7956 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
16:53:44.0704 7956 mpio - ok
16:53:44.0735 7956 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
16:53:44.0735 7956 mpsdrv - ok
16:53:44.0813 7956 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
16:53:44.0813 7956 MpsSvc - ok
16:53:44.0860 7956 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
16:53:44.0891 7956 MRxDAV - ok
16:53:44.0953 7956 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:53:44.0969 7956 mrxsmb - ok
16:53:45.0062 7956 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:53:45.0078 7956 mrxsmb10 - ok
16:53:45.0140 7956 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:53:45.0172 7956 mrxsmb20 - ok
16:53:45.0218 7956 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
16:53:45.0218 7956 msahci - ok
16:53:45.0265 7956 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
16:53:45.0281 7956 msdsm - ok
16:53:45.0499 7956 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
16:53:45.0499 7956 MSDTC - ok
16:53:45.0562 7956 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
16:52:58.0650 7856 ============================================================
16:52:58.0650 7856 Current date / time: 2012/06/05 16:52:58.0650
16:52:58.0650 7856 SystemInfo:
16:52:58.0650 7856
16:52:58.0650 7856 OS Version: 6.1.7601 ServicePack: 1.0
16:52:58.0650 7856 Product type: Workstation
16:52:58.0650 7856 ComputerName: DR-OFFICE
16:52:58.0650 7856 UserName: drgewirtz
16:52:58.0650 7856 Windows directory: C:\Windows
16:52:58.0650 7856 System windows directory: C:\Windows
16:52:58.0650 7856 Processor architecture: Intel x86
16:52:58.0650 7856 Number of processors: 2
16:52:58.0650 7856 Page size: 0x1000
16:52:58.0650 7856 Boot type: Normal boot
16:52:58.0650 7856 ============================================================
16:52:59.0851 7856 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:52:59.0851 7856 ============================================================
16:52:59.0851 7856 \Device\Harddisk0\DR0:
16:52:59.0851 7856 MBR partitions:
16:52:59.0851 7856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3FF800
16:52:59.0851 7856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x400000, BlocksNum 0x117B4800
16:52:59.0851 7856 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11BB4800, BlocksNum 0xE60000
16:52:59.0851 7856 ============================================================
16:52:59.0882 7856 C: <-> \Device\Harddisk0\DR0\Partition1
16:52:59.0929 7856 D: <-> \Device\Harddisk0\DR0\Partition2
16:52:59.0929 7856 ============================================================
16:52:59.0929 7856 Initialize success
16:52:59.0929 7856 ============================================================
16:53:26.0856 7956 ============================================================
16:53:26.0856 7956 Scan started
16:53:26.0856 7956 Mode: Manual;
16:53:26.0856 7956 ============================================================
16:53:27.0792 7956 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
16:53:27.0823 7956 1394ohci - ok
16:53:27.0886 7956 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
16:53:27.0901 7956 ACPI - ok
16:53:27.0964 7956 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
16:53:27.0964 7956 AcpiPmi - ok
16:53:28.0104 7956 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:53:28.0104 7956 AdobeARMservice - ok
16:53:28.0213 7956 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:53:28.0229 7956 AdobeFlashPlayerUpdateSvc - ok
16:53:28.0307 7956 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:53:28.0323 7956 adp94xx - ok
16:53:28.0354 7956 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:53:28.0385 7956 adpahci - ok
16:53:28.0401 7956 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:53:28.0416 7956 adpu320 - ok
16:53:28.0447 7956 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
16:53:28.0447 7956 AeLookupSvc - ok
16:53:28.0525 7956 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
16:53:28.0525 7956 AFD - ok
16:53:28.0572 7956 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
16:53:28.0572 7956 agp440 - ok
16:53:28.0635 7956 ahcix86s (38bc231bc7424c0559d71e24a56a4032) C:\Windows\system32\DRIVERS\ahcix86s.sys
16:53:28.0650 7956 ahcix86s - ok
16:53:28.0697 7956 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:53:28.0728 7956 aic78xx - ok
16:53:28.0775 7956 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
16:53:28.0775 7956 ALG - ok
16:53:28.0822 7956 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
16:53:28.0837 7956 aliide - ok
16:53:28.0884 7956 AMD External Events Utility (0656b3898c41334e51ef7d1d7a907738) C:\Windows\system32\atiesrxx.exe
16:53:28.0900 7956 AMD External Events Utility - ok
16:53:28.0993 7956 AMD FUEL Service - ok
16:53:29.0056 7956 AMD Reservation Manager (9fe76d783a7d47965d086a220b54277b) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
16:53:29.0071 7956 AMD Reservation Manager - ok
16:53:29.0103 7956 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
16:53:29.0134 7956 amdagp - ok
16:53:29.0134 7956 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
16:53:29.0149 7956 amdide - ok
16:53:29.0196 7956 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
16:53:29.0196 7956 amdiox86 - ok
16:53:29.0227 7956 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:53:29.0243 7956 AmdK8 - ok
16:53:29.0836 7956 amdkmdag (ad046a47ab5ef015a74baf1a42ff09a3) C:\Windows\system32\DRIVERS\atikmdag.sys
16:53:29.0961 7956 amdkmdag - ok
16:53:30.0132 7956 amdkmdap (fa05e9ef58dce49adbab2bb7027f909a) C:\Windows\system32\DRIVERS\atikmpag.sys
16:53:30.0132 7956 amdkmdap - ok
16:53:30.0179 7956 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:53:30.0179 7956 AmdPPM - ok
16:53:30.0241 7956 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
16:53:30.0273 7956 amdsata - ok
16:53:30.0304 7956 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:53:30.0319 7956 amdsbs - ok
16:53:30.0335 7956 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
16:53:30.0335 7956 amdxata - ok
16:53:30.0429 7956 AMD_RAIDXpert (b01289cc07a2e21c4efca722d1efb243) C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe
16:53:30.0429 7956 AMD_RAIDXpert - ok
16:53:30.0475 7956 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
16:53:30.0507 7956 AppID - ok
16:53:30.0553 7956 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
16:53:30.0553 7956 AppIDSvc - ok
16:53:30.0585 7956 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
16:53:30.0585 7956 Appinfo - ok
16:53:30.0725 7956 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:53:30.0725 7956 Apple Mobile Device - ok
16:53:30.0756 7956 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
16:53:30.0756 7956 AppMgmt - ok
16:53:30.0819 7956 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:53:30.0834 7956 arc - ok
16:53:30.0850 7956 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:53:30.0866 7956 arcsas - ok
16:53:30.0990 7956 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:53:31.0068 7956 aspnet_state - ok
16:53:31.0100 7956 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:53:31.0100 7956 AsyncMac - ok
16:53:31.0115 7956 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
16:53:31.0115 7956 atapi - ok
16:53:31.0755 7956 atikmdag (ad046a47ab5ef015a74baf1a42ff09a3) C:\Windows\system32\DRIVERS\atikmdag.sys
16:53:31.0786 7956 atikmdag - ok
16:53:31.0942 7956 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
16:53:31.0942 7956 AtiPcie - ok
16:53:32.0036 7956 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:53:32.0051 7956 AudioEndpointBuilder - ok
16:53:32.0067 7956 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:53:32.0067 7956 Audiosrv - ok
16:53:32.0129 7956 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
16:53:32.0129 7956 AxInstSV - ok
16:53:32.0176 7956 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:53:32.0207 7956 b06bdrv - ok
16:53:32.0254 7956 b57nd60x (6f41a4c5745bb99f89406f57164f099e) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:53:32.0270 7956 b57nd60x - ok
16:53:32.0285 7956 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
16:53:32.0285 7956 BDESVC - ok
16:53:32.0316 7956 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:53:32.0316 7956 Beep - ok
16:53:32.0394 7956 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
16:53:32.0410 7956 BFE - ok
16:53:32.0488 7956 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
16:53:32.0488 7956 BITS - ok
16:53:32.0504 7956 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:53:32.0504 7956 blbdrive - ok
16:53:32.0550 7956 Blfp (d2f8d15f4852920e1f6b769e982414ad) C:\Windows\system32\DRIVERS\basp.sys
16:53:32.0582 7956 Blfp - ok
16:53:32.0722 7956 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:53:32.0722 7956 Bonjour Service - ok
16:53:32.0800 7956 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
16:53:32.0800 7956 bowser - ok
16:53:32.0831 7956 BrcmMgmtAgent (013fe11718a1ed54c57544ac233bfa33) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
16:53:32.0831 7956 BrcmMgmtAgent - ok
16:53:32.0862 7956 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:53:32.0878 7956 BrFiltLo - ok
16:53:32.0878 7956 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:53:32.0894 7956 BrFiltUp - ok
16:53:32.0940 7956 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
16:53:32.0940 7956 Browser - ok
16:53:32.0987 7956 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\system32\DRIVERS\BrSerId.sys
16:53:33.0003 7956 Brserid - ok
16:53:33.0018 7956 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:53:33.0050 7956 BrSerWdm - ok
16:53:33.0065 7956 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:53:33.0081 7956 BrUsbMdm - ok
16:53:33.0081 7956 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\DRIVERS\BrUsbSer.sys
16:53:33.0096 7956 BrUsbSer - ok
16:53:33.0112 7956 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:53:33.0112 7956 BTHMODEM - ok
16:53:33.0252 7956 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
16:53:33.0268 7956 bthserv - ok
16:53:33.0752 7956 CarboniteService (a58b3de1d95e10fc840f635ba9c3f174) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
16:53:33.0767 7956 CarboniteService - ok
16:53:33.0876 7956 ccEvtMgr (260a069f403da226d18c058ad14fd3a3) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
16:53:33.0876 7956 ccEvtMgr - ok
16:53:33.0892 7956 ccSetMgr (260a069f403da226d18c058ad14fd3a3) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
16:53:33.0892 7956 ccSetMgr - ok
16:53:34.0064 7956 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:53:34.0095 7956 cdfs - ok
16:53:34.0157 7956 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
16:53:34.0157 7956 cdrom - ok
16:53:34.0220 7956 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
16:53:34.0220 7956 CertPropSvc - ok
16:53:34.0235 7956 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:53:34.0251 7956 circlass - ok
16:53:34.0298 7956 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:53:34.0313 7956 CLFS - ok
16:53:34.0376 7956 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:53:34.0423 7956 clr_optimization_v2.0.50727_32 - ok
16:53:34.0532 7956 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:53:34.0563 7956 clr_optimization_v4.0.30319_32 - ok
16:53:34.0579 7956 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:53:34.0594 7956 CmBatt - ok
16:53:34.0657 7956 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
16:53:34.0672 7956 cmdide - ok
16:53:34.0735 7956 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
16:53:34.0750 7956 CNG - ok
16:53:34.0766 7956 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:53:34.0766 7956 Compbatt - ok
16:53:34.0828 7956 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
16:53:34.0828 7956 CompositeBus - ok
16:53:34.0844 7956 COMSysApp - ok
16:53:34.0859 7956 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:53:34.0875 7956 crcdisk - ok
16:53:34.0922 7956 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
16:53:34.0922 7956 CryptSvc - ok
16:53:35.0000 7956 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
16:53:35.0000 7956 CSC - ok
16:53:35.0047 7956 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
16:53:35.0062 7956 CscService - ok
16:53:35.0125 7956 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
16:53:35.0140 7956 ctxusbm - ok
16:53:35.0218 7956 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
16:53:35.0218 7956 DcomLaunch - ok
16:53:35.0265 7956 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
16:53:35.0265 7956 defragsvc - ok
16:53:35.0327 7956 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
16:53:35.0327 7956 DfsC - ok
16:53:35.0405 7956 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
16:53:35.0405 7956 Dhcp - ok
16:53:35.0452 7956 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:53:35.0452 7956 discache - ok
16:53:35.0483 7956 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:53:35.0483 7956 Disk - ok
16:53:35.0577 7956 DMService (5aa7259db2bdc4878531621c7e91cdb4) C:\Windows\DOWNLO~1\DMService.exe
16:53:35.0639 7956 DMService - ok
16:53:35.0671 7956 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
16:53:35.0686 7956 Dnscache - ok
16:53:35.0749 7956 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
16:53:35.0749 7956 dot3svc - ok
16:53:35.0811 7956 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
16:53:35.0811 7956 DPS - ok
16:53:35.0842 7956 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:53:35.0858 7956 drmkaud - ok
16:53:35.0967 7956 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
16:53:35.0983 7956 DXGKrnl - ok
16:53:36.0014 7956 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
16:53:36.0014 7956 EapHost - ok
16:53:36.0279 7956 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:53:36.0341 7956 ebdrv - ok
16:53:36.0466 7956 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:53:36.0497 7956 eeCtrl - ok
16:53:36.0638 7956 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
16:53:36.0638 7956 EFS - ok
16:53:36.0731 7956 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
16:53:36.0825 7956 ehRecvr - ok
16:53:36.0841 7956 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
16:53:36.0887 7956 ehSched - ok
16:53:36.0981 7956 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:53:37.0012 7956 elxstor - ok
16:53:37.0121 7956 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:53:37.0153 7956 EraserUtilRebootDrv - ok
16:53:37.0184 7956 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
16:53:37.0199 7956 ErrDev - ok
16:53:37.0246 7956 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
16:53:37.0262 7956 EventSystem - ok
16:53:37.0293 7956 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:53:37.0309 7956 exfat - ok
16:53:37.0324 7956 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:53:37.0340 7956 fastfat - ok
16:53:37.0418 7956 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
16:53:37.0433 7956 Fax - ok
16:53:37.0449 7956 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:53:37.0449 7956 fdc - ok
16:53:37.0465 7956 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
16:53:37.0465 7956 fdPHost - ok
16:53:37.0480 7956 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
16:53:37.0480 7956 FDResPub - ok
16:53:37.0496 7956 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:53:37.0496 7956 FileInfo - ok
16:53:37.0496 7956 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:53:37.0511 7956 Filetrace - ok
16:53:37.0527 7956 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:53:37.0527 7956 flpydisk - ok
16:53:37.0574 7956 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:53:37.0590 7956 FltMgr - ok
16:53:37.0699 7956 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
16:53:37.0730 7956 FontCache - ok
16:53:37.0792 7956 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:53:37.0792 7956 FontCache3.0.0.0 - ok
16:53:37.0824 7956 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:53:37.0839 7956 FsDepends - ok
16:53:37.0886 7956 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
16:53:37.0886 7956 Fs_Rec - ok
16:53:37.0948 7956 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
16:53:37.0948 7956 fvevol - ok
16:53:37.0980 7956 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:53:37.0980 7956 gagp30kx - ok
16:53:38.0042 7956 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:53:38.0058 7956 GEARAspiWDM - ok
16:53:38.0151 7956 GoToAssist (5cc2b1d06ac1962af5fbbcf88d781dd8) C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
16:53:38.0167 7956 GoToAssist - ok
16:53:38.0260 7956 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
16:53:38.0276 7956 gpsvc - ok
16:53:38.0385 7956 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:53:38.0385 7956 gupdate - ok
16:53:38.0401 7956 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:53:38.0401 7956 gupdatem - ok
16:53:38.0432 7956 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:53:38.0479 7956 gusvc - ok
16:53:38.0494 7956 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
16:53:38.0494 7956 hcw85cir - ok
16:53:38.0572 7956 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
16:53:38.0604 7956 HdAudAddService - ok
16:53:38.0635 7956 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
16:53:38.0635 7956 HDAudBus - ok
16:53:38.0650 7956 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
16:53:38.0666 7956 HidBatt - ok
16:53:38.0697 7956 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
16:53:38.0713 7956 HidBth - ok
16:53:38.0744 7956 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
16:53:38.0744 7956 HidIr - ok
16:53:38.0775 7956 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
16:53:38.0775 7956 hidserv - ok
16:53:38.0822 7956 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
16:53:38.0822 7956 HidUsb - ok
16:53:38.0853 7956 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
16:53:38.0853 7956 hkmsvc - ok
16:53:38.0884 7956 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
16:53:38.0884 7956 HomeGroupListener - ok
16:53:38.0931 7956 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
16:53:38.0947 7956 HomeGroupProvider - ok
16:53:39.0072 7956 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
16:53:39.0072 7956 HP Support Assistant Service - ok
16:53:39.0134 7956 Hp.Skyroom.Windows.Service (a1731b1204cd7eb9c244b0a6f89264df) C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
16:53:39.0134 7956 Hp.Skyroom.Windows.Service - ok
16:53:39.0212 7956 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
16:53:39.0212 7956 HPDrvMntSvc.exe - ok
16:53:39.0368 7956 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
16:53:39.0384 7956 hpqcxs08 - ok
16:53:39.0415 7956 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
16:53:39.0430 7956 hpqddsvc - ok
16:53:39.0555 7956 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
16:53:39.0602 7956 hpqwmiex - ok
16:53:39.0742 7956 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
16:53:39.0774 7956 HpSAMD - ok
16:53:39.0867 7956 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
16:53:39.0883 7956 HTTP - ok
16:53:39.0914 7956 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
16:53:39.0914 7956 hwpolicy - ok
16:53:39.0992 7956 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
16:53:40.0008 7956 i8042prt - ok
16:53:40.0086 7956 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
16:53:40.0132 7956 iaStorV - ok
16:53:40.0273 7956 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:53:40.0320 7956 idsvc - ok
16:53:41.0115 7956 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:53:41.0209 7956 igfx - ok
16:53:41.0381 7956 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:53:41.0396 7956 iirsp - ok
16:53:41.0521 7956 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
16:53:41.0521 7956 IKEEXT - ok
16:53:41.0864 7956 IntcAzAudAddService (3e67626ffff2ae1440bd0e94729a9edf) C:\Windows\system32\drivers\RTKVHDA.sys
16:53:41.0927 7956 IntcAzAudAddService - ok
16:53:42.0083 7956 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
16:53:42.0098 7956 intelide - ok
16:53:42.0129 7956 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:53:42.0145 7956 intelppm - ok
16:53:42.0192 7956 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
16:53:42.0192 7956 IPBusEnum - ok
16:53:42.0207 7956 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:53:42.0223 7956 IpFilterDriver - ok
16:53:42.0301 7956 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
16:53:42.0317 7956 iphlpsvc - ok
16:53:42.0348 7956 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
16:53:42.0363 7956 IPMIDRV - ok
16:53:42.0379 7956 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:53:42.0395 7956 IPNAT - ok
16:53:42.0551 7956 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
16:53:42.0566 7956 iPod Service - ok
16:53:42.0582 7956 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:53:42.0582 7956 IRENUM - ok
16:53:42.0629 7956 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
16:53:42.0644 7956 isapnp - ok
16:53:42.0707 7956 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
16:53:42.0722 7956 iScsiPrt - ok
16:53:42.0753 7956 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:53:42.0753 7956 kbdclass - ok
16:53:42.0800 7956 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
16:53:42.0800 7956 kbdhid - ok
16:53:42.0847 7956 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:53:42.0847 7956 KeyIso - ok
16:53:42.0894 7956 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
16:53:42.0909 7956 KSecDD - ok
16:53:42.0956 7956 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
16:53:42.0972 7956 KSecPkg - ok
16:53:43.0019 7956 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
16:53:43.0034 7956 KtmRm - ok
16:53:43.0081 7956 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
16:53:43.0081 7956 LanmanServer - ok
16:53:43.0143 7956 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
16:53:43.0143 7956 LanmanWorkstation - ok
16:53:43.0533 7956 LiveUpdate (6105b28f5d03c4affa7197b228768849) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
16:53:43.0596 7956 LiveUpdate - ok
16:53:43.0736 7956 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:53:43.0752 7956 lltdio - ok
16:53:43.0783 7956 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
16:53:43.0783 7956 lltdsvc - ok
16:53:43.0799 7956 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
16:53:43.0799 7956 lmhosts - ok
16:53:43.0939 7956 LMIGuardianSvc (c2bc96051da4330c1fcf2fe13f60a748) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
16:53:43.0939 7956 LMIGuardianSvc - ok
16:53:43.0986 7956 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
16:53:44.0001 7956 LMIInfo - ok
16:53:44.0033 7956 LMIMaint (8960ac10842199c9dc2ec0956f5a4a8d) C:\Program Files\LogMeIn\x86\RaMaint.exe
16:53:44.0033 7956 LMIMaint - ok
16:53:44.0079 7956 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
16:53:44.0079 7956 lmimirr - ok
16:53:44.0079 7956 LMIRfsClientNP - ok
16:53:44.0095 7956 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
16:53:44.0095 7956 LMIRfsDriver - ok
16:53:44.0173 7956 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
16:53:44.0173 7956 LogMeIn - ok
16:53:44.0204 7956 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:53:44.0220 7956 LSI_FC - ok
16:53:44.0235 7956 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:53:44.0235 7956 LSI_SAS - ok
16:53:44.0251 7956 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:53:44.0267 7956 LSI_SAS2 - ok
16:53:44.0282 7956 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:53:44.0298 7956 LSI_SCSI - ok
16:53:44.0313 7956 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:53:44.0329 7956 luafv - ok
16:53:44.0360 7956 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
16:53:44.0360 7956 Mcx2Svc - ok
16:53:44.0376 7956 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:53:44.0391 7956 megasas - ok
16:53:44.0407 7956 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:53:44.0423 7956 MegaSR - ok
16:53:44.0454 7956 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:53:44.0454 7956 MMCSS - ok
16:53:44.0454 7956 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:53:44.0454 7956 Modem - ok
16:53:44.0501 7956 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
16:53:44.0501 7956 monitor - ok
16:53:44.0548 7956 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
16:53:44.0548 7956 mouclass - ok
16:53:44.0563 7956 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
16:53:44.0563 7956 mouhid - ok
16:53:44.0610 7956 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
16:53:44.0610 7956 mountmgr - ok
16:53:44.0657 7956 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
16:53:44.0704 7956 mpio - ok
16:53:44.0735 7956 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
16:53:44.0735 7956 mpsdrv - ok
16:53:44.0813 7956 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
16:53:44.0813 7956 MpsSvc - ok
16:53:44.0860 7956 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
16:53:44.0891 7956 MRxDAV - ok
16:53:44.0953 7956 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:53:44.0969 7956 mrxsmb - ok
16:53:45.0062 7956 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:53:45.0078 7956 mrxsmb10 - ok
16:53:45.0140 7956 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:53:45.0172 7956 mrxsmb20 - ok
16:53:45.0218 7956 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
16:53:45.0218 7956 msahci - ok
16:53:45.0265 7956 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
16:53:45.0281 7956 msdsm - ok
16:53:45.0499 7956 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
16:53:45.0499 7956 MSDTC - ok
16:53:45.0562 7956 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
16:53:45.0562 7956 Msfs - ok
16:53:45.0577 7956 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
16:53:45.0577 7956 mshidkmdf - ok
16:53:45.0624 7956 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
16:53:45.0624 7956 msisadrv - ok
16:53:45.0655 7956 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
16:53:45.0671 7956 MSiSCSI - ok
16:53:45.0671 7956 msiserver - ok
16:53:45.0702 7956 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
16:53:45.0702 7956 MSKSSRV - ok
16:53:45.0718 7956 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
16:53:45.0718 7956 MSPCLOCK - ok
16:53:45.0749 7956 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
16:53:45.0749 7956 MSPQM - ok
16:53:45.0780 7956 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
16:53:45.0780 7956 MsRPC - ok
16:53:45.0811 7956 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
16:53:45.0811 7956 mssmbios - ok
16:53:45.0827 7956 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
16:53:45.0827 7956 MSTEE - ok
16:53:45.0842 7956 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
16:53:45.0858 7956 MTConfig - ok
16:53:45.0858 7956 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
16:53:45.0858 7956 Mup - ok
16:53:45.0936 7956 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
16:53:45.0936 7956 napagent - ok
16:53:45.0983 7956 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
16:53:45.0998 7956 NativeWifiP - ok
16:53:46.0154 7956 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101028.041\NAVENG.SYS
16:53:46.0170 7956 NAVENG - ok
16:53:46.0295 7956 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101028.041\NAVEX15.SYS
16:53:46.0342 7956 NAVEX15 - ok
16:53:46.0544 7956 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
16:53:46.0560 7956 NDIS - ok
16:53:46.0591 7956 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
16:53:46.0607 7956 NdisCap - ok
16:53:46.0622 7956 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
16:53:46.0622 7956 NdisTapi - ok
16:53:46.0669 7956 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
16:53:46.0685 7956 Ndisuio - ok
16:53:46.0747 7956 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
16:53:46.0763 7956 NdisWan - ok
16:53:46.0810 7956 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
16:53:46.0825 7956 NDProxy - ok
16:53:46.0888 7956 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
16:53:46.0888 7956 Net Driver HPZ12 - ok
16:53:46.0919 7956 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
16:53:46.0919 7956 NetBIOS - ok
16:53:46.0981 7956 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
16:53:46.0981 7956 NetBT - ok
16:53:47.0028 7956 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:53:47.0028 7956 Netlogon - ok
16:53:47.0106 7956 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
16:53:47.0122 7956 Netman - ok
16:53:47.0246 7956 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:53:47.0262 7956 NetMsmqActivator - ok
16:53:47.0278 7956 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:53:47.0278 7956 NetPipeActivator - ok
16:53:47.0324 7956 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
16:53:47.0324 7956 netprofm - ok
16:53:47.0340 7956 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:53:47.0340 7956 NetTcpActivator - ok
16:53:47.0340 7956 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:53:47.0340 7956 NetTcpPortSharing - ok
16:53:47.0371 7956 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
16:53:47.0371 7956 nfrd960 - ok
16:53:47.0434 7956 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
16:53:47.0434 7956 NlaSvc - ok
16:53:47.0449 7956 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
16:53:47.0449 7956 Npfs - ok
16:53:47.0465 7956 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
16:53:47.0465 7956 nsi - ok
16:53:47.0480 7956 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
16:53:47.0480 7956 nsiproxy - ok
16:53:47.0621 7956 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
16:53:47.0652 7956 Ntfs - ok
16:53:47.0808 7956 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
16:53:47.0808 7956 Null - ok
16:53:47.0855 7956 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
16:53:47.0886 7956 nvraid - ok
16:53:47.0917 7956 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
16:53:47.0917 7956 nvstor - ok
16:53:47.0949 7956 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
16:53:47.0964 7956 nv_agp - ok
16:53:47.0995 7956 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
16:53:48.0011 7956 ohci1394 - ok
16:53:48.0089 7956 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:53:48.0136 7956 ose - ok
16:53:48.0557 7956 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:53:48.0619 7956 osppsvc - ok
16:53:48.0775 7956 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:53:48.0791 7956 p2pimsvc - ok
16:53:48.0853 7956 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
16:53:48.0853 7956 p2psvc - ok
16:53:48.0931 7956 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
16:53:48.0931 7956 Parport - ok
16:53:48.0978 7956 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
16:53:48.0978 7956 partmgr - ok
16:53:48.0994 7956 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
16:53:48.0994 7956 Parvdm - ok
16:53:49.0025 7956 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
16:53:49.0025 7956 PcaSvc - ok
16:53:49.0072 7956 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
16:53:49.0087 7956 pci - ok
16:53:49.0103 7956 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
16:53:49.0103 7956 pciide - ok
16:53:49.0165 7956 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
16:53:49.0181 7956 pcmcia - ok
16:53:49.0212 7956 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
16:53:49.0212 7956 pcw - ok
16:53:49.0259 7956 pdfcDispatcher - ok
16:53:49.0321 7956 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
16:53:49.0337 7956 PEAUTH - ok
16:53:49.0446 7956 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
16:53:49.0477 7956 PeerDistSvc - ok
16:53:49.0649 7956 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
16:53:49.0680 7956 pla - ok
16:53:49.0852 7956 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
16:53:49.0867 7956 PlugPlay - ok
16:53:49.0914 7956 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
16:53:49.0914 7956 Pml Driver HPZ12 - ok
16:53:49.0945 7956 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
16:53:49.0945 7956 PNRPAutoReg - ok
16:53:49.0977 7956 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:53:49.0977 7956 PNRPsvc - ok
16:53:50.0055 7956 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
16:53:50.0055 7956 PolicyAgent - ok
16:53:50.0117 7956 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
16:53:50.0133 7956 Power - ok
16:53:50.0320 7956 ppped (d483893aa28f060d2b2cdb69586d1cdb) C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
16:53:50.0335 7956 ppped - ok
16:53:50.0382 7956 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
16:53:50.0398 7956 PptpMiniport - ok
16:53:50.0429 7956 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
16:53:50.0445 7956 Processor - ok
16:53:50.0538 7956 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
16:53:50.0538 7956 ProfSvc - ok
16:53:50.0585 7956 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:53:50.0601 7956 ProtectedStorage - ok
16:53:50.0632 7956 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
16:53:50.0632 7956 Psched - ok
16:53:50.0757 7956 QBCFMonitorService (933d92f0bd1d7a9835cd8a8b1235a11e) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
16:53:50.0757 7956 QBCFMonitorService - ok
16:53:50.0850 7956 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
16:53:50.0866 7956 QBFCService - ok
16:53:51.0037 7956 QBVSS (25fc19badf78b7fb1d835aac4b0b91a5) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
16:53:51.0037 7956 QBVSS - ok
16:53:51.0287 7956 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
16:53:51.0334 7956 ql2300 - ok
16:53:51.0428 7956 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
16:53:51.0443 7956 ql40xx - ok
16:53:51.0490 7956 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
16:53:51.0490 7956 QWAVE - ok
16:53:51.0506 7956 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
16:53:51.0521 7956 QWAVEdrv - ok
16:53:51.0537 7956 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
16:53:51.0537 7956 RasAcd - ok
16:53:51.0568 7956 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:53:51.0568 7956 RasAgileVpn - ok
16:53:51.0584 7956 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
16:53:51.0584 7956 RasAuto - ok
16:53:51.0599 7956 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:53:51.0615 7956 Rasl2tp - ok
16:53:51.0677 7956 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
16:53:51.0677 7956 RasMan - ok
16:53:51.0693 7956 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
16:53:51.0693 7956 RasPppoe - ok
16:53:51.0724 7956 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
16:53:51.0724 7956 RasSstp - ok
16:53:51.0786 7956 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
16:53:51.0802 7956 rdbss - ok
16:53:51.0818 7956 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
16:53:51.0818 7956 rdpbus - ok
16:53:51.0864 7956 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:53:51.0864 7956 RDPCDD - ok
16:53:51.0880 7956 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
16:53:51.0896 7956 RDPDR - ok
16:53:51.0927 7956 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
16:53:51.0927 7956 RDPENCDD - ok
16:53:51.0942 7956 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
16:53:51.0942 7956 RDPREFMP - ok
16:53:51.0989 7956 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
16:53:52.0020 7956 RDPWD - ok
16:53:52.0083 7956 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
16:53:52.0098 7956 rdyboost - ok
16:53:52.0114 7956 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
16:53:52.0114 7956 RemoteAccess - ok
16:53:52.0145 7956 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
16:53:52.0145 7956 RemoteRegistry - ok
16:53:52.0317 7956 rgsender (559a9654f993b2fafe900043242874c2) c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
16:53:52.0317 7956 rgsender - ok
16:53:52.0348 7956 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
16:53:52.0348 7956 RpcEptMapper - ok
16:53:52.0364 7956 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
16:53:52.0379 7956 RpcLocator - ok
16:53:52.0442 7956 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
16:53:52.0442 7956 RpcSs - ok
16:53:52.0488 7956 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
16:53:52.0504 7956 rspndr - ok
16:53:52.0535 7956 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
16:53:52.0535 7956 s3cap - ok
16:53:52.0566 7956 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:53:52.0566 7956 SamSs - ok
16:53:52.0613 7956 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
16:53:52.0629 7956 sbp2port - ok
16:53:52.0676 7956 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
16:53:52.0676 7956 SCardSvr - ok
16:53:52.0722 7956 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
16:53:52.0738 7956 scfilter - ok
16:53:52.0847 7956 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
16:53:52.0863 7956 Schedule - ok
16:53:52.0910 7956 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
16:53:52.0910 7956 SCPolicySvc - ok
16:53:52.0972 7956 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
16:53:52.0972 7956 SDRSVC - ok
16:53:53.0019 7956 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:53:53.0019 7956 secdrv - ok
16:53:53.0050 7956 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
16:53:53.0050 7956 seclogon - ok
16:53:53.0081 7956 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
16:53:53.0097 7956 SENS - ok
16:53:53.0128 7956 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
16:53:53.0128 7956 SensrSvc - ok
16:53:53.0144 7956 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
16:53:53.0144 7956 Serenum - ok
16:53:53.0175 7956 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
16:53:53.0175 7956 Serial - ok
16:53:53.0222 7956 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:53:53.0237 7956 sermouse - ok
16:53:53.0300 7956 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
16:53:53.0315 7956 SessionEnv - ok
16:53:53.0346 7956 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
16:53:53.0362 7956 sffdisk - ok
16:53:53.0378 7956 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
16:53:53.0393 7956 sffp_mmc - ok
16:53:53.0409 7956 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
16:53:53.0409 7956 sffp_sd - ok
16:53:53.0424 7956 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:53:53.0424 7956 sfloppy - ok
16:53:53.0471 7956 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
16:53:53.0471 7956 SharedAccess - ok
16:53:53.0549 7956 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
16:53:53.0549 7956 ShellHWDetection - ok
16:53:53.0580 7956 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
16:53:53.0596 7956 sisagp - ok
16:53:53.0627 7956 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:53:53.0627 7956 SiSRaid2 - ok
16:53:53.0643 7956 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:53:53.0658 7956 SiSRaid4 - ok
16:53:53.0674 7956 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:53:53.0690 7956 Smb - ok
16:53:53.0986 7956 SmcService (0dc94380be7d36ae241029c72807692e) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
16:53:54.0002 7956 SmcService - ok
16:53:54.0064 7956 SNAC (65e1ebf379856b677979802c8d5bcd87) C:\Program Files\Symantec\Symantec Endpoint
Protection\SNAC.EXE
16:53:54.0111 7956 SNAC - ok
16:53:54.0267 7956 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
16:53:54.0267 7956 SNMPTRAP - ok
16:53:54.0407 7956 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
16:53:54.0438 7956 SPBBCDrv - ok
16:53:54.0470 7956 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:53:54.0470 7956 spldr - ok
16:53:54.0532 7956 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
16:53:54.0548 7956 Spooler - ok
16:53:54.0844 7956 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
16:53:54.0875 7956 sppsvc - ok
16:53:55.0031 7956 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
16:53:55.0031 7956 sppuinotify - ok
16:53:55.0125 7956 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\Windows\system32\Drivers\SRTSP.SYS
16:53:55.0125 7956 SRTSP - ok
16:53:55.0187 7956 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\Windows\system32\Drivers\SRTSPL.SYS
16:53:55.0219 7956 SRTSPL - ok
16:53:55.0265 7956 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\Windows\system32\Drivers\SRTSPX.SYS
16:53:55.0265 7956 SRTSPX - ok
16:53:55.0328 7956 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
16:53:55.0343 7956 srv - ok
16:53:55.0375 7956 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
16:53:55.0390 7956 srv2 - ok
16:53:55.0406 7956 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
16:53:55.0421 7956 srvnet - ok
16:53:55.0453 7956 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
16:53:55.0468 7956 SSDPSRV - ok
16:53:55.0484 7956 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
16:53:55.0484 7956 SstpSvc - ok
16:53:55.0515 7956 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:53:55.0515 7956 stexstor - ok
16:53:55.0609 7956 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
16:53:55.0624 7956 StillCam - ok
16:53:55.0796 7956 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
16:53:55.0811 7956 StiSvc - ok
16:53:55.0843 7956 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
16:53:55.0843 7956 storflt - ok
16:53:55.0858 7956 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
16:53:55.0858 7956 StorSvc - ok
16:53:55.0874 7956 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
16:53:55.0889 7956 storvsc - ok
16:53:55.0905 7956 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
16:53:55.0905 7956 swenum - ok
16:53:55.0952 7956 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
16:53:55.0983 7956 swprv - ok
16:53:56.0264 7956 Symantec AntiVirus (f3a4ead0b3946e439f0397f7a4d09952) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
16:53:56.0279 7956 Symantec AntiVirus - ok
16:53:56.0482 7956 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
16:53:56.0498 7956 SymEvent - ok
16:53:56.0545 7956 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
16:53:56.0545 7956 SYMREDRV - ok
16:53:56.0576 7956 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
16:53:56.0576 7956 SYMTDI - ok
16:53:56.0732 7956 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
16:53:56.0747 7956 SysMain - ok
16:53:56.0810 7956 SysPlant (5dcc2c7acc29dfba5ba82ed47d99c7e5) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
16:53:56.0810 7956 SysPlant - ok
16:53:56.0857 7956 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
16:53:56.0872 7956 TabletInputService - ok
16:53:56.0935 7956 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
16:53:56.0935 7956 TapiSrv - ok
16:53:56.0966 7956 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
16:53:56.0981 7956 TBS - ok
16:53:57.0137 7956 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
16:53:57.0184 7956 Tcpip - ok
16:53:57.0465 7956 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
16:53:57.0481 7956 TCPIP6 - ok
16:53:57.0637 7956 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
16:53:57.0637 7956 tcpipreg - ok
16:53:57.0683 7956 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
16:53:57.0699 7956 TDPIPE - ok
16:53:57.0730 7956 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
16:53:57.0746 7956 TDTCP - ok
16:53:57.0793 7956 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
16:53:57.0808 7956 tdx - ok
16:53:57.0855 7956 Teefer2 (1d3c046a9106de97ddc8276958700bf4) C:\Windows\system32\DRIVERS\teefer2.sys
16:53:57.0871 7956 Teefer2 - ok
16:53:57.0917 7956 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
16:53:57.0917 7956 TermDD - ok
16:53:58.0011 7956 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
16:53:58.0027 7956 TermService - ok
16:53:58.0058 7956 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
16:53:58.0058 7956 Themes - ok
16:53:58.0089 7956 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:53:58.0089 7956 THREADORDER - ok
16:53:58.0120 7956 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
16:53:58.0120 7956 TPM - ok
16:53:58.0151 7956 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
16:53:58.0151 7956 TrkWks - ok
16:53:58.0229 7956 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
16:53:58.0261 7956 TrustedInstaller - ok
16:53:58.0276 7956 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:53:58.0292 7956 tssecsrv - ok
16:53:58.0323 7956 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
16:53:58.0354 7956 TsUsbFlt - ok
16:53:58.0417 7956 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
16:53:58.0432 7956 tunnel - ok
16:53:58.0464 7956 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:53:58.0479 7956 uagp35 - ok
16:53:58.0573 7956 uagqecsvc (9474ece6561990f7eb443e80cdfd2951) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
16:53:58.0573 7956 uagqecsvc - ok
16:53:58.0635 7956 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
16:53:58.0666 7956 udfs - ok
16:53:58.0698 7956 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
16:53:58.0698 7956 UI0Detect - ok
16:53:58.0744 7956 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
16:53:58.0744 7956 uliagpkx - ok
16:53:58.0791 7956 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
16:53:58.0791 7956 umbus - ok
16:53:58.0822 7956 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:53:58.0838 7956 UmPass - ok
16:53:58.0900 7956 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
16:53:58.0900 7956 UmRdpService - ok
16:53:58.0932 7956 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
16:53:58.0947 7956 upnphost - ok
16:53:58.0994 7956 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
16:53:58.0994 7956 USBAAPL - ok
16:53:59.0056 7956 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
16:53:59.0056 7956 usbccgp - ok
16:53:59.0103 7956 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
16:53:59.0134 7956 usbcir - ok
16:53:59.0166 7956 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
16:53:59.0166 7956 usbehci - ok
16:53:59.0212 7956 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
16:53:59.0228 7956 usbhub - ok
16:53:59.0244 7956 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
16:53:59.0244 7956 usbohci - ok
16:53:59.0275 7956 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:53:59.0275 7956 usbprint - ok
16:53:59.0290 7956 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
16:53:59.0290 7956 usbscan - ok
16:53:59.0322 7956 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:53:59.0322 7956 USBSTOR - ok
16:53:59.0337 7956 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
16:53:59.0337 7956 usbuhci - ok
16:53:59.0384 7956 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
16:53:59.0384 7956 UxSms - ok
16:53:59.0478 7956 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:53:59.0478 7956 VaultSvc - ok
16:53:59.0524 7956 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
16:53:59.0524 7956 vdrvroot - ok
16:53:59.0618 7956 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
16:53:59.0634 7956 vds - ok
16:53:59.0665 7956 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:53:59.0665 7956 vga - ok
16:53:59.0680 7956 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:53:59.0680 7956 VgaSave - ok
16:53:59.0727 7956 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
16:53:59.0727 7956 vhdmp - ok
16:53:59.0774 7956 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
16:53:59.0774 7956 viaagp - ok
16:53:59.0805 7956 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:53:59.0805 7956 ViaC7 - ok
16:53:59.0821 7956 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
16:53:59.0836 7956 viaide - ok
16:53:59.0852 7956 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
16:53:59.0868 7956 vmbus - ok
16:53:59.0868 7956 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
16:53:59.0868 7956 VMBusHID - ok
16:53:59.0899 7956 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
16:53:59.0899 7956 volmgr - ok
16:53:59.0930 7956 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:53:59.0946 7956 volmgrx - ok
16:53:59.0977 7956 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
16:53:59.0977 7956 volsnap - ok
16:54:00.0008 7956 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:54:00.0024 7956 vsmraid - ok
16:54:00.0148 7956 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
16:54:00.0164 7956 VSS - ok
16:54:00.0180 7956 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
16:54:00.0195 7956 vwifibus - ok
16:54:00.0242 7956 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
16:54:00.0242 7956 W32Time - ok
16:54:00.0273 7956 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:54:00.0289 7956 WacomPen - ok
16:54:00.0336 7956 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:54:00.0336 7956 WANARP - ok
16:54:00.0336 7956 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:54:00.0336 7956 Wanarpv6 - ok
16:54:00.0507 7956 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
16:54:00.0554 7956 WatAdminSvc - ok
16:54:00.0866 7956 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
16:54:00.0882 7956 wbengine - ok
16:54:00.0928 7956 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
16:54:00.0928 7956 WbioSrvc - ok
16:54:01.0006 7956 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
16:54:01.0006 7956 wcncsvc - ok
16:54:01.0022 7956 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
16:54:01.0022 7956 WcsPlugInService - ok
16:54:01.0069 7956 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:54:01.0084 7956 Wd - ok
16:54:01.0131 7956 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:54:01.0147 7956 Wdf01000 - ok
16:54:01.0162 7956 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:54:01.0162 7956 WdiServiceHost - ok
16:54:01.0178 7956 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:54:01.0178 7956 WdiSystemHost - ok
16:54:01.0225 7956 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
16:54:01.0240 7956 WebClient - ok
16:54:01.0287 7956 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
16:54:01.0287 7956 Wecsvc - ok
16:54:01.0303 7956 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
16:54:01.0318 7956 wercplsupport - ok
16:54:01.0334 7956 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
16:54:01.0350 7956 WerSvc - ok
16:54:01.0381 7956 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:54:01.0381 7956 WfpLwf - ok
16:54:01.0396 7956 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:54:01.0412 7956 WIMMount - ok
16:54:01.0552 7956 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
16:54:01.0599 7956 WinDefend - ok
16:54:01.0615 7956 WinHttpAutoProxySvc - ok
16:54:01.0662 7956 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
16:54:01.0693 7956 Winmgmt - ok
16:54:01.0849 7956 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
16:54:01.0865 7956 WinRM - ok
16:54:01.0927 7956 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
16:54:01.0943 7956 WinUsb - ok
16:54:02.0021 7956 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
16:54:02.0052 7956 Wlansvc - ok
16:54:02.0099 7956 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
16:54:02.0099 7956 WmiAcpi - ok
16:54:02.0161 7956 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
16:54:02.0223 7956 wmiApSrv - ok
16:54:02.0395 7956 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:54:02.0442 7956 WMPNetworkSvc - ok
16:54:02.0598 7956 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
16:54:02.0598 7956 WPCSvc - ok
16:54:02.0645 7956 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
16:54:02.0660 7956 WPDBusEnum - ok
16:54:02.0754 7956 WPS (e8e745b8eee63c7cf7d34833d3b8ca7f) C:\Windows\system32\drivers\wpsdrvnt.sys
16:54:02.0754 7956 WPS - ok
16:54:02.0801 7956 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
16:54:02.0801 7956 WpsHelper - ok
16:54:02.0816 7956 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:54:02.0832 7956 ws2ifsl - ok
16:54:02.0832 7956 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
16:54:02.0847 7956 wscsvc - ok
16:54:02.0847 7956 WSearch - ok
16:54:03.0050 7956 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
16:54:03.0081 7956 wuauserv - ok
16:54:03.0253 7956 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
16:54:03.0253 7956 WudfPf - ok
16:54:03.0284 7956 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:54:03.0315 7956 WUDFRd - ok
16:54:03.0362 7956 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
16:54:03.0362 7956 wudfsvc - ok
16:54:03.0393 7956 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
16:54:03.0409 7956 WwanSvc - ok
16:54:03.0425 7956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:54:03.0456 7956 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:54:03.0456 7956 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:54:03.0487 7956 Boot (0x1200) (61210dc8c0e52e4aba3ecfe91b3edbc5) \Device\Harddisk0\DR0\Partition0
16:54:03.0487 7956 \Device\Harddisk0\DR0\Partition0 - ok
16:54:03.0503 7956 Boot (0x1200) (0a7dbc095e6616cdade9535dfc60f455) \Device\Harddisk0\DR0\Partition1
16:54:03.0518 7956 \Device\Harddisk0\DR0\Partition1 - ok
16:54:03.0549 7956 Boot (0x1200) (607d97e02b09d2b0c69208b91771626f) \Device\Harddisk0\DR0\Partition2
16:54:03.0549 7956 \Device\Harddisk0\DR0\Partition2 - ok
16:54:03.0549 7956 ============================================================
16:54:03.0549 7956 Scan finished
16:54:03.0549 7956 ============================================================
16:54:03.0643 7568 Detected object count: 1
16:54:03.0643 7568 Actual detected object count: 1
16:54:26.0296 7568 \Device\Harddisk0\DR0\# - copied to quarantine
16:54:26.0296 7568 \Device\Harddisk0\DR0 - copied to quarantine
16:54:26.0358 7568 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:54:26.0374 7568 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:54:26.0374 7568 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:54:26.0405 7568 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:54:26.0420 7568 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:54:26.0436 7568 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:54:26.0436 7568 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:54:26.0436 7568 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:54:26.0452 7568 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:54:26.0452 7568 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:54:26.0467 7568 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:54:26.0467 7568 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:54:26.0498 7568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:54:26.0498 7568 \Device\Harddisk0\DR0 - ok
16:54:27.0107 7568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:54:32.0177 6156 Deinitialize success
16:53:45.0577 7956 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
16:53:45.0577 7956 mshidkmdf - ok
16:53:45.0624 7956 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
16:53:45.0624 7956 msisadrv - ok
16:53:45.0655 7956 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
16:53:45.0671 7956 MSiSCSI - ok
16:53:45.0671 7956 msiserver - ok
16:53:45.0702 7956 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
16:53:45.0702 7956 MSKSSRV - ok
16:53:45.0718 7956 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
16:53:45.0718 7956 MSPCLOCK - ok
16:53:45.0749 7956 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
16:53:45.0749 7956 MSPQM - ok
16:53:45.0780 7956 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
16:53:45.0780 7956 MsRPC - ok
16:53:45.0811 7956 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
16:53:45.0811 7956 mssmbios - ok
16:53:45.0827 7956 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
16:53:45.0827 7956 MSTEE - ok
16:53:45.0842 7956 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
16:53:45.0858 7956 MTConfig - ok
16:53:45.0858 7956 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
16:53:45.0858 7956 Mup - ok
16:53:45.0936 7956 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
16:53:45.0936 7956 napagent - ok
16:53:45.0983 7956 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
16:53:45.0998 7956 NativeWifiP - ok
16:53:46.0154 7956 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101028.041\NAVENG.SYS
16:53:46.0170 7956 NAVENG - ok
16:53:46.0295 7956 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101028.041\NAVEX15.SYS
16:53:46.0342 7956 NAVEX15 - ok
16:53:46.0544 7956 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
16:53:46.0560 7956 NDIS - ok
16:53:46.0591 7956 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
16:53:46.0607 7956 NdisCap - ok
16:53:46.0622 7956 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
16:53:46.0622 7956 NdisTapi - ok
16:53:46.0669 7956 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
16:53:46.0685 7956 Ndisuio - ok
16:53:46.0747 7956 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
16:53:46.0763 7956 NdisWan - ok
16:53:46.0810 7956 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
16:53:46.0825 7956 NDProxy - ok
16:53:46.0888 7956 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
16:53:46.0888 7956 Net Driver HPZ12 - ok
16:53:46.0919 7956 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
16:53:46.0919 7956 NetBIOS - ok
16:53:46.0981 7956 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
16:53:46.0981 7956 NetBT - ok
16:53:47.0028 7956 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:53:47.0028 7956 Netlogon - ok
16:53:47.0106 7956 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
16:53:47.0122 7956 Netman - ok
16:53:47.0246 7956 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:53:47.0262 7956 NetMsmqActivator - ok
16:53:47.0278 7956 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:53:47.0278 7956 NetPipeActivator - ok
16:53:47.0324 7956 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
16:53:47.0324 7956 netprofm - ok
16:53:47.0340 7956 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:53:47.0340 7956 NetTcpActivator - ok
16:53:47.0340 7956 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:53:47.0340 7956 NetTcpPortSharing - ok
16:53:47.0371 7956 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
16:53:47.0371 7956 nfrd960 - ok
16:53:47.0434 7956 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
16:53:47.0434 7956 NlaSvc - ok
16:53:47.0449 7956 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
16:53:47.0449 7956 Npfs - ok
16:53:47.0465 7956 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
16:53:47.0465 7956 nsi - ok
16:53:47.0480 7956 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
16:53:47.0480 7956 nsiproxy - ok
16:53:47.0621 7956 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
16:53:47.0652 7956 Ntfs - ok
16:53:47.0808 7956 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
16:53:47.0808 7956 Null - ok
16:53:47.0855 7956 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
16:53:47.0886 7956 nvraid - ok
16:53:47.0917 7956 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
16:53:47.0917 7956 nvstor - ok
16:53:47.0949 7956 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
16:53:47.0964 7956 nv_agp - ok
16:53:47.0995 7956 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
16:53:48.0011 7956 ohci1394 - ok
16:53:48.0089 7956 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:53:48.0136 7956 ose - ok
16:53:48.0557 7956 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:53:48.0619 7956 osppsvc - ok
16:53:48.0775 7956 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:53:48.0791 7956 p2pimsvc - ok
16:53:48.0853 7956 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
16:53:48.0853 7956 p2psvc - ok
16:53:48.0931 7956 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
16:53:48.0931 7956 Parport - ok
16:53:48.0978 7956 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
16:53:48.0978 7956 partmgr - ok
16:53:48.0994 7956 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
16:53:48.0994 7956 Parvdm - ok
16:53:49.0025 7956 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
16:53:49.0025 7956 PcaSvc - ok
16:53:49.0072 7956 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
16:53:49.0087 7956 pci - ok
16:53:49.0103 7956 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
16:53:49.0103 7956 pciide - ok
16:53:49.0165 7956 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
16:53:49.0181 7956 pcmcia - ok
16:53:49.0212 7956 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
16:53:49.0212 7956 pcw - ok
16:53:49.0259 7956 pdfcDispatcher - ok
16:53:49.0321 7956 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
16:53:49.0337 7956 PEAUTH - ok
16:53:49.0446 7956 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
16:53:49.0477 7956 PeerDistSvc - ok
16:53:49.0649 7956 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
16:53:49.0680 7956 pla - ok
16:53:49.0852 7956 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
16:53:49.0867 7956 PlugPlay - ok
16:53:49.0914 7956 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
16:53:49.0914 7956 Pml Driver HPZ12 - ok
16:53:49.0945 7956 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
16:53:49.0945 7956 PNRPAutoReg - ok
16:53:49.0977 7956 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:53:49.0977 7956 PNRPsvc - ok
16:53:50.0055 7956 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
16:53:50.0055 7956 PolicyAgent - ok
16:53:50.0117 7956 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
16:53:50.0133 7956 Power - ok
16:53:50.0320 7956 ppped (d483893aa28f060d2b2cdb69586d1cdb) C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
16:53:50.0335 7956 ppped - ok
16:53:50.0382 7956 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
16:53:50.0398 7956 PptpMiniport - ok
16:53:50.0429 7956 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
16:53:50.0445 7956 Processor - ok
16:53:50.0538 7956 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
16:53:50.0538 7956 ProfSvc - ok
16:53:50.0585 7956 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:53:50.0601 7956 ProtectedStorage - ok
16:53:50.0632 7956 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
16:53:50.0632 7956 Psched - ok
16:53:50.0757 7956 QBCFMonitorService (933d92f0bd1d7a9835cd8a8b1235a11e) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
16:53:50.0757 7956 QBCFMonitorService - ok
16:53:50.0850 7956 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
16:53:50.0866 7956 QBFCService - ok
16:53:51.0037 7956 QBVSS (25fc19badf78b7fb1d835aac4b0b91a5) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
16:53:51.0037 7956 QBVSS - ok
16:53:51.0287 7956 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
16:53:51.0334 7956 ql2300 - ok
16:53:51.0428 7956 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
16:53:51.0443 7956 ql40xx - ok
16:53:51.0490 7956 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
16:53:51.0490 7956 QWAVE - ok
16:53:51.0506 7956 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
16:53:51.0521 7956 QWAVEdrv - ok
16:53:51.0537 7956 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
16:53:51.0537 7956 RasAcd - ok
16:53:51.0568 7956 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:53:51.0568 7956 RasAgileVpn - ok
16:53:51.0584 7956 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
16:53:51.0584 7956 RasAuto - ok
16:53:51.0599 7956 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:53:51.0615 7956 Rasl2tp - ok
16:53:51.0677 7956 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
16:53:51.0677 7956 RasMan - ok
16:53:51.0693 7956 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
16:53:51.0693 7956 RasPppoe - ok
16:53:51.0724 7956 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
16:53:51.0724 7956 RasSstp - ok
16:53:51.0786 7956 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
16:53:51.0802 7956 rdbss - ok
16:53:51.0818 7956 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
16:53:51.0818 7956 rdpbus - ok
16:53:51.0864 7956 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:53:51.0864 7956 RDPCDD - ok
16:53:51.0880 7956 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
16:53:51.0896 7956 RDPDR - ok
16:53:51.0927 7956 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
16:53:51.0927 7956 RDPENCDD - ok
16:53:51.0942 7956 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
16:53:51.0942 7956 RDPREFMP - ok
16:53:51.0989 7956 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
16:53:52.0020 7956 RDPWD - ok
16:53:52.0083 7956 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
16:53:52.0098 7956 rdyboost - ok
16:53:52.0114 7956 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
16:53:52.0114 7956 RemoteAccess - ok
16:53:52.0145 7956 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
16:53:52.0145 7956 RemoteRegistry - ok
16:53:52.0317 7956 rgsender (559a9654f993b2fafe900043242874c2) c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
16:53:52.0317 7956 rgsender - ok
16:53:52.0348 7956 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
16:53:52.0348 7956 RpcEptMapper - ok
16:53:52.0364 7956 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
16:53:52.0379 7956 RpcLocator - ok
16:53:52.0442 7956 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
16:53:52.0442 7956 RpcSs - ok
16:53:52.0488 7956 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
16:53:52.0504 7956 rspndr - ok
16:53:52.0535 7956 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
16:53:52.0535 7956 s3cap - ok
16:53:52.0566 7956 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:53:52.0566 7956 SamSs - ok
16:53:52.0613 7956 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
16:53:52.0629 7956 sbp2port - ok
16:53:52.0676 7956 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
16:53:52.0676 7956 SCardSvr - ok
16:53:52.0722 7956 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
16:53:52.0738 7956 scfilter - ok
16:53:52.0847 7956 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
16:53:52.0863 7956 Schedule - ok
16:53:52.0910 7956 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
16:53:52.0910 7956 SCPolicySvc - ok
16:53:52.0972 7956 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
16:53:52.0972 7956 SDRSVC - ok
16:53:53.0019 7956 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:53:53.0019 7956 secdrv - ok
16:53:53.0050 7956 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
16:53:53.0050 7956 seclogon - ok
16:53:53.0081 7956 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
16:53:53.0097 7956 SENS - ok
16:53:53.0128 7956 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
16:53:53.0128 7956 SensrSvc - ok
16:53:53.0144 7956 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
16:53:53.0144 7956 Serenum - ok
16:53:53.0175 7956 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
16:53:53.0175 7956 Serial - ok
16:53:53.0222 7956 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:53:53.0237 7956 sermouse - ok
16:53:53.0300 7956 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
16:53:53.0315 7956 SessionEnv - ok
16:53:53.0346 7956 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
16:53:53.0362 7956 sffdisk - ok
16:53:53.0378 7956 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
16:53:53.0393 7956 sffp_mmc - ok
16:53:53.0409 7956 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
16:53:53.0409 7956 sffp_sd - ok
16:53:53.0424 7956 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:53:53.0424 7956 sfloppy - ok
16:53:53.0471 7956 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
16:53:53.0471 7956 SharedAccess - ok
16:53:53.0549 7956 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
16:53:53.0549 7956 ShellHWDetection - ok
16:53:53.0580 7956 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
16:53:53.0596 7956 sisagp - ok
16:53:53.0627 7956 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:53:53.0627 7956 SiSRaid2 - ok
16:53:53.0643 7956 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:53:53.0658 7956 SiSRaid4 - ok
16:53:53.0674 7956 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:53:53.0690 7956 Smb - ok
16:53:53.0986 7956 SmcService (0dc94380be7d36ae241029c72807692e) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
16:53:54.0002 7956 SmcService - ok
16:53:54.0064 7956 SNAC (65e1ebf379856b677979802c8d5bcd87) C:\Program Files\Symantec\Symantec Endpoint
Protection\SNAC.EXE
16:53:54.0111 7956 SNAC - ok
16:53:54.0267 7956 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
16:53:54.0267 7956 SNMPTRAP - ok
16:53:54.0407 7956 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
16:53:54.0438 7956 SPBBCDrv - ok
16:53:54.0470 7956 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:53:54.0470 7956 spldr - ok
16:53:54.0532 7956 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
16:53:54.0548 7956 Spooler - ok
16:53:54.0844 7956 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
16:53:54.0875 7956 sppsvc - ok
16:53:55.0031 7956 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
16:53:55.0031 7956 sppuinotify - ok
16:53:55.0125 7956 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\Windows\system32\Drivers\SRTSP.SYS
16:53:55.0125 7956 SRTSP - ok
16:53:55.0187 7956 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\Windows\system32\Drivers\SRTSPL.SYS
16:53:55.0219 7956 SRTSPL - ok
16:53:55.0265 7956 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\Windows\system32\Drivers\SRTSPX.SYS
16:53:55.0265 7956 SRTSPX - ok
16:53:55.0328 7956 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
16:53:55.0343 7956 srv - ok
16:53:55.0375 7956 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
16:53:55.0390 7956 srv2 - ok
16:53:55.0406 7956 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
16:53:55.0421 7956 srvnet - ok
16:53:55.0453 7956 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
16:53:55.0468 7956 SSDPSRV - ok
16:53:55.0484 7956 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
16:53:55.0484 7956 SstpSvc - ok
16:53:55.0515 7956 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:53:55.0515 7956 stexstor - ok
16:53:55.0609 7956 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
16:53:55.0624 7956 StillCam - ok
16:53:55.0796 7956 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
16:53:55.0811 7956 StiSvc - ok
16:53:55.0843 7956 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
16:53:55.0843 7956 storflt - ok
16:53:55.0858 7956 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
16:53:55.0858 7956 StorSvc - ok
16:53:55.0874 7956 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
16:53:55.0889 7956 storvsc - ok
16:53:55.0905 7956 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
16:53:55.0905 7956 swenum - ok
16:53:55.0952 7956 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
16:53:55.0983 7956 swprv - ok
16:53:56.0264 7956 Symantec AntiVirus (f3a4ead0b3946e439f0397f7a4d09952) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
16:53:56.0279 7956 Symantec AntiVirus - ok
16:53:56.0482 7956 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
16:53:56.0498 7956 SymEvent - ok
16:53:56.0545 7956 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
16:53:56.0545 7956 SYMREDRV - ok
16:53:56.0576 7956 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
16:53:56.0576 7956 SYMTDI - ok
16:53:56.0732 7956 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
16:53:56.0747 7956 SysMain - ok
16:53:56.0810 7956 SysPlant (5dcc2c7acc29dfba5ba82ed47d99c7e5) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
16:53:56.0810 7956 SysPlant - ok
16:53:56.0857 7956 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
16:53:56.0872 7956 TabletInputService - ok
16:53:56.0935 7956 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
16:53:56.0935 7956 TapiSrv - ok
16:53:56.0966 7956 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
16:53:56.0981 7956 TBS - ok
16:53:57.0137 7956 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
16:53:57.0184 7956 Tcpip - ok
16:53:57.0465 7956 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
16:53:57.0481 7956 TCPIP6 - ok
16:53:57.0637 7956 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
16:53:57.0637 7956 tcpipreg - ok
16:53:57.0683 7956 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
16:53:57.0699 7956 TDPIPE - ok
16:53:57.0730 7956 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
16:53:57.0746 7956 TDTCP - ok
16:53:57.0793 7956 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
16:53:57.0808 7956 tdx - ok
16:53:57.0855 7956 Teefer2 (1d3c046a9106de97ddc8276958700bf4) C:\Windows\system32\DRIVERS\teefer2.sys
16:53:57.0871 7956 Teefer2 - ok
16:53:57.0917 7956 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
16:53:57.0917 7956 TermDD - ok
16:53:58.0011 7956 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
16:53:58.0027 7956 TermService - ok
16:53:58.0058 7956 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
16:53:58.0058 7956 Themes - ok
16:53:58.0089 7956 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:53:58.0089 7956 THREADORDER - ok
16:53:58.0120 7956 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
16:53:58.0120 7956 TPM - ok
16:53:58.0151 7956 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
16:53:58.0151 7956 TrkWks - ok
16:53:58.0229 7956 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
16:53:58.0261 7956 TrustedInstaller - ok
16:53:58.0276 7956 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:53:58.0292 7956 tssecsrv - ok
16:53:58.0323 7956 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
16:53:58.0354 7956 TsUsbFlt - ok
16:53:58.0417 7956 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
16:53:58.0432 7956 tunnel - ok
16:53:58.0464 7956 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:53:58.0479 7956 uagp35 - ok
16:53:58.0573 7956 uagqecsvc (9474ece6561990f7eb443e80cdfd2951) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
16:53:58.0573 7956 uagqecsvc - ok
16:53:58.0635 7956 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
16:53:58.0666 7956 udfs - ok
16:53:58.0698 7956 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
16:53:58.0698 7956 UI0Detect - ok
16:53:58.0744 7956 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
16:53:58.0744 7956 uliagpkx - ok
16:53:58.0791 7956 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
16:53:58.0791 7956 umbus - ok
16:53:58.0822 7956 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:53:58.0838 7956 UmPass - ok
16:53:58.0900 7956 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
16:53:58.0900 7956 UmRdpService - ok
16:53:58.0932 7956 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
16:53:58.0947 7956 upnphost - ok
16:53:58.0994 7956 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
16:53:58.0994 7956 USBAAPL - ok
16:53:59.0056 7956 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
16:53:59.0056 7956 usbccgp - ok
16:53:59.0103 7956 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
16:53:59.0134 7956 usbcir - ok
16:53:59.0166 7956 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
16:53:59.0166 7956 usbehci - ok
16:53:59.0212 7956 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
16:53:59.0228 7956 usbhub - ok
16:53:59.0244 7956 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
16:53:59.0244 7956 usbohci - ok
16:53:59.0275 7956 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:53:59.0275 7956 usbprint - ok
16:53:59.0290 7956 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
16:53:59.0290 7956 usbscan - ok
16:53:59.0322 7956 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:53:59.0322 7956 USBSTOR - ok
16:53:59.0337 7956 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
16:53:59.0337 7956 usbuhci - ok
16:53:59.0384 7956 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
16:53:59.0384 7956 UxSms - ok
16:53:59.0478 7956 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:53:59.0478 7956 VaultSvc - ok
16:53:59.0524 7956 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
16:53:59.0524 7956 vdrvroot - ok
16:53:59.0618 7956 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
16:53:59.0634 7956 vds - ok
16:53:59.0665 7956 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:53:59.0665 7956 vga - ok
16:53:59.0680 7956 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:53:59.0680 7956 VgaSave - ok
16:53:59.0727 7956 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
16:53:59.0727 7956 vhdmp - ok
16:53:59.0774 7956 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
16:53:59.0774 7956 viaagp - ok
16:53:59.0805 7956 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:53:59.0805 7956 ViaC7 - ok
16:53:59.0821 7956 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
16:53:59.0836 7956 viaide - ok
16:53:59.0852 7956 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
16:53:59.0868 7956 vmbus - ok
16:53:59.0868 7956 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
16:53:59.0868 7956 VMBusHID - ok
16:53:59.0899 7956 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
16:53:59.0899 7956 volmgr - ok
16:53:59.0930 7956 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:53:59.0946 7956 volmgrx - ok
16:53:59.0977 7956 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
16:53:59.0977 7956 volsnap - ok
16:54:00.0008 7956 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:54:00.0024 7956 vsmraid - ok
16:54:00.0148 7956 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
16:54:00.0164 7956 VSS - ok
16:54:00.0180 7956 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
16:54:00.0195 7956 vwifibus - ok
16:54:00.0242 7956 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
16:54:00.0242 7956 W32Time - ok
16:54:00.0273 7956 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:54:00.0289 7956 WacomPen - ok
16:54:00.0336 7956 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:54:00.0336 7956 WANARP - ok
16:54:00.0336 7956 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:54:00.0336 7956 Wanarpv6 - ok
16:54:00.0507 7956 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
16:54:00.0554 7956 WatAdminSvc - ok
16:54:00.0866 7956 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
16:54:00.0882 7956 wbengine - ok
16:54:00.0928 7956 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
16:54:00.0928 7956 WbioSrvc - ok
16:54:01.0006 7956 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
16:54:01.0006 7956 wcncsvc - ok
16:54:01.0022 7956 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
16:54:01.0022 7956 WcsPlugInService - ok
16:54:01.0069 7956 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:54:01.0084 7956 Wd - ok
16:54:01.0131 7956 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:54:01.0147 7956 Wdf01000 - ok
16:54:01.0162 7956 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:54:01.0162 7956 WdiServiceHost - ok
16:54:01.0178 7956 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:54:01.0178 7956 WdiSystemHost - ok
16:54:01.0225 7956 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
16:54:01.0240 7956 WebClient - ok
16:54:01.0287 7956 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
16:54:01.0287 7956 Wecsvc - ok
16:54:01.0303 7956 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
16:54:01.0318 7956 wercplsupport - ok
16:54:01.0334 7956 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
16:54:01.0350 7956 WerSvc - ok
16:54:01.0381 7956 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:54:01.0381 7956 WfpLwf - ok
16:54:01.0396 7956 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:54:01.0412 7956 WIMMount - ok
16:54:01.0552 7956 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
16:54:01.0599 7956 WinDefend - ok
16:54:01.0615 7956 WinHttpAutoProxySvc - ok
16:54:01.0662 7956 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
16:54:01.0693 7956 Winmgmt - ok
16:54:01.0849 7956 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
16:54:01.0865 7956 WinRM - ok
16:54:01.0927 7956 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
16:54:01.0943 7956 WinUsb - ok
16:54:02.0021 7956 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
16:54:02.0052 7956 Wlansvc - ok
16:54:02.0099 7956 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
16:54:02.0099 7956 WmiAcpi - ok
16:54:02.0161 7956 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
16:54:02.0223 7956 wmiApSrv - ok
16:54:02.0395 7956 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:54:02.0442 7956 WMPNetworkSvc - ok
16:54:02.0598 7956 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
16:54:02.0598 7956 WPCSvc - ok
16:54:02.0645 7956 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
16:54:02.0660 7956 WPDBusEnum - ok
16:54:02.0754 7956 WPS (e8e745b8eee63c7cf7d34833d3b8ca7f) C:\Windows\system32\drivers\wpsdrvnt.sys
16:54:02.0754 7956 WPS - ok
16:54:02.0801 7956 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
16:54:02.0801 7956 WpsHelper - ok
16:54:02.0816 7956 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:54:02.0832 7956 ws2ifsl - ok
16:54:02.0832 7956 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
16:54:02.0847 7956 wscsvc - ok
16:54:02.0847 7956 WSearch - ok
16:54:03.0050 7956 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
16:54:03.0081 7956 wuauserv - ok
16:54:03.0253 7956 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
16:54:03.0253 7956 WudfPf - ok
16:54:03.0284 7956 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:54:03.0315 7956 WUDFRd - ok
16:54:03.0362 7956 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
16:54:03.0362 7956 wudfsvc - ok
16:54:03.0393 7956 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
16:54:03.0409 7956 WwanSvc - ok
16:54:03.0425 7956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:54:03.0456 7956 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:54:03.0456 7956 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:54:03.0487 7956 Boot (0x1200) (61210dc8c0e52e4aba3ecfe91b3edbc5) \Device\Harddisk0\DR0\Partition0
16:54:03.0487 7956 \Device\Harddisk0\DR0\Partition0 - ok
16:54:03.0503 7956 Boot (0x1200) (0a7dbc095e6616cdade9535dfc60f455) \Device\Harddisk0\DR0\Partition1
16:54:03.0518 7956 \Device\Harddisk0\DR0\Partition1 - ok
16:54:03.0549 7956 Boot (0x1200) (607d97e02b09d2b0c69208b91771626f) \Device\Harddisk0\DR0\Partition2
16:54:03.0549 7956 \Device\Harddisk0\DR0\Partition2 - ok
16:54:03.0549 7956 ============================================================
16:54:03.0549 7956 Scan finished
16:54:03.0549 7956 ============================================================
16:54:03.0643 7568 Detected object count: 1
16:54:03.0643 7568 Actual detected object count: 1
16:54:26.0296 7568 \Device\Harddisk0\DR0\# - copied to quarantine
16:54:26.0296 7568 \Device\Harddisk0\DR0 - copied to quarantine
16:54:26.0358 7568 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:54:26.0374 7568 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:54:26.0374 7568 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:54:26.0405 7568 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:54:26.0420 7568 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:54:26.0436 7568 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:54:26.0436 7568 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:54:26.0436 7568 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:54:26.0452 7568 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:54:26.0452 7568 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:54:26.0467 7568 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:54:26.0467 7568 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:54:26.0498 7568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:54:26.0498 7568 \Device\Harddisk0\DR0 - ok
16:54:27.0107 7568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:54:32.0177 6156 Deinitialize success
Broni
Posts: 56,041 +516
Good 
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.exe
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.exe
- Double-click on the Rkill icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
ComboFix 12-06-05.04 - drgewirtz 06/06/2012 8:33.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1846 [GMT -4:00]
Running from: c:\users\drgewirtz\Desktop\antiviral\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\drgewirtz\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\drgewirtz\g2mdlhlpx.exe
c:\users\drgewirtz\GoToAssistDownloadHelper.exe
c:\users\Office\GoToAssistDownloadHelper.exe
c:\windows\~GLC0000.TMP
c:\windows\~GLH0000.TMP
c:\windows\~GLH0001.TMP
c:\windows\system32\zip32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))
.
.
2012-06-06 12:42 . 2012-06-06 12:44 -------- d-----w- c:\users\drgewirtz\AppData\Local\temp
2012-06-06 12:42 . 2012-06-06 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-06 12:42 . 2012-06-06 12:42 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-06-05 20:54 . 2012-06-05 20:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-01 12:58 . 2012-06-01 12:58 -------- d-----w- c:\users\drgewirtz\AppData\Roaming\Malwarebytes
2012-06-01 12:56 . 2012-06-01 12:56 -------- d-----w- c:\programdata\Malwarebytes
2012-06-01 12:56 . 2012-06-01 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-01 12:56 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-01 12:36 . 2012-06-01 12:36 -------- d-----w- c:\users\administrator\AppData\Roaming\ICAClient
2012-06-01 12:36 . 2012-06-01 12:36 -------- d-----w- c:\users\administrator\AppData\Local\LogMeIn
2012-06-01 12:36 . 2012-06-01 12:36 -------- d-----w- c:\users\administrator\AppData\Local\Intuit
2012-06-01 12:36 . 2012-06-01 12:36 -------- d-----w- c:\users\administrator\AppData\Local\Citrix
2012-06-01 12:36 . 2012-06-01 12:36 -------- d-----w- c:\users\administrator\AppData\Roaming\Apple Computer
2012-05-21 15:45 . 2012-05-21 15:45 -------- d-----w- c:\users\drgewirtz\AppData\Local\HP
2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-05-18 13:20 . 2012-05-18 13:20 -------- d-----w- c:\program files\QuickTime
2012-05-12 02:39 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 02:39 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 02:39 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 02:39 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 02:39 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 02:39 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-12 02:39 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 02:39 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 02:38 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 02:38 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 12:57 . 2010-11-04 18:45 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 12:57 . 2010-11-04 18:45 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-05-22 12:57 . 2010-11-04 18:45 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-22 12:57 . 2010-11-04 18:45 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-05 13:23 . 2012-04-02 15:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 13:23 . 2011-05-16 13:00 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 13:23 . 2012-04-16 01:23 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-09-08 22:05 881808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-09-08 22:05 881808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-09-08 22:05 881808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\drgewirtz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\drgewirtz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\drgewirtz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\drgewirtz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-27 39408]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-08 10025576]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-10-30 115560]
"HP Color LaserJet CM2320 MFP Series Fax"="c:\program files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe" [2009-09-23 2453504]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-29 336384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-04-09 316864]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-09-08 1016464]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\drgewirtz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\drgewirtz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-14 5961048]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-14 1175912]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2009\QBW32.EXE [2012-3-14 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-11-02 02:39 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2011-03-16 468368]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-26 1343400]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-29 284160]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2009-07-10 110592]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-05-22 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-05-31 12856]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2009-12-14 149904]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-08 6652928]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-08 232960]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-02 102448]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 17551534
*NewlyCreated* - 65713946
*Deregistered* - 17551534
*Deregistered* - 65713946
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:23]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 19:06]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 19:06]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3576482904-1308803037-2723772800-1000Core.job
- c:\users\drgewirtz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 16:21]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3576482904-1308803037-2723772800-1000UA.job
- c:\users\drgewirtz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 16:21]
.
2012-05-30 c:\windows\Tasks\HPCeeScheduleFordrgewirtz.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\progra~1\MICROS~2\ENDPOI~1\318FB7~1.0\WhlLSP.dll
Trusted Zone: gatewayedi.com\mytools
Trusted Zone: gewirtz-server
Trusted Zone: infinittna.com\sn
TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{42E0AB8B-0713-409B-8232-95614B27EFCB}: NameServer = 192.168.111.16,192.168.111.1
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: MIW Deployment - hxxps://pacs.ramicimaging.com/downloads/MIWDeploy.cab
DPF: {786E2AA4-522B-4AE3-910C-1E8EB4D32239} - hxxps://sn.infinittna.com/SmartUpdate.Cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-06 08:55:51
ComboFix-quarantined-files.txt 2012-06-06 12:55
.
Pre-Run: 78,777,520,128 bytes free
Post-Run: 79,405,350,912 bytes free
.
- - End Of File - - 346F8C9E5C0A995EE64B75566C7FF094
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1846 [GMT -4:00]
Running from: c:\users\drgewirtz\Desktop\antiviral\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\drgewirtz\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\drgewirtz\g2mdlhlpx.exe
c:\users\drgewirtz\GoToAssistDownloadHelper.exe
c:\users\Office\GoToAssistDownloadHelper.exe
c:\windows\~GLC0000.TMP
c:\windows\~GLH0000.TMP
c:\windows\~GLH0001.TMP
c:\windows\system32\zip32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))
.
.
2012-06-06 12:42 . 2012-06-06 12:44 -------- d-----w- c:\users\drgewirtz\AppData\Local\temp
2012-06-06 12:42 . 2012-06-06 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-06 12:42 . 2012-06-06 12:42 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-06-05 20:54 . 2012-06-05 20:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-01 12:58 . 2012-06-01 12:58 -------- d-----w- c:\users\drgewirtz\AppData\Roaming\Malwarebytes
2012-06-01 12:56 . 2012-06-01 12:56 -------- d-----w- c:\programdata\Malwarebytes
2012-06-01 12:56 . 2012-06-01 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-01 12:56 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-01 12:36 . 2012-06-01 12:36 -------- d-----w- c:\users\administrator\AppData\Roaming\ICAClient
2012-06-01 12:36 . 2012-06-01 12:36 -------- d-----w- c:\users\administrator\AppData\Local\LogMeIn
2012-06-01 12:36 . 2012-06-01 12:36 -------- d-----w- c:\users\administrator\AppData\Local\Intuit
2012-06-01 12:36 . 2012-06-01 12:36 -------- d-----w- c:\users\administrator\AppData\Local\Citrix
2012-06-01 12:36 . 2012-06-01 12:36 -------- d-----w- c:\users\administrator\AppData\Roaming\Apple Computer
2012-05-21 15:45 . 2012-05-21 15:45 -------- d-----w- c:\users\drgewirtz\AppData\Local\HP
2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-18 13:20 . 2012-05-18 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-05-18 13:20 . 2012-05-18 13:20 -------- d-----w- c:\program files\QuickTime
2012-05-12 02:39 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 02:39 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 02:39 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 02:39 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 02:39 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 02:39 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-12 02:39 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 02:39 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 02:38 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 02:38 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 12:57 . 2010-11-04 18:45 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 12:57 . 2010-11-04 18:45 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-05-22 12:57 . 2010-11-04 18:45 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-22 12:57 . 2010-11-04 18:45 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-05 13:23 . 2012-04-02 15:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 13:23 . 2011-05-16 13:00 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 13:23 . 2012-04-16 01:23 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-09-08 22:05 881808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-09-08 22:05 881808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-09-08 22:05 881808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\drgewirtz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\drgewirtz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\drgewirtz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\drgewirtz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-27 39408]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-08 10025576]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-10-30 115560]
"HP Color LaserJet CM2320 MFP Series Fax"="c:\program files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe" [2009-09-23 2453504]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-29 336384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-04-09 316864]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-09-08 1016464]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\drgewirtz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\drgewirtz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-14 5961048]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-14 1175912]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2009\QBW32.EXE [2012-3-14 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-11-02 02:39 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2011-03-16 468368]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-26 1343400]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-29 284160]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2009-07-10 110592]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-05-22 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-05-31 12856]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2009-12-14 149904]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-08 6652928]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-08 232960]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-02 102448]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 17551534
*NewlyCreated* - 65713946
*Deregistered* - 17551534
*Deregistered* - 65713946
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:23]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 19:06]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 19:06]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3576482904-1308803037-2723772800-1000Core.job
- c:\users\drgewirtz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 16:21]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3576482904-1308803037-2723772800-1000UA.job
- c:\users\drgewirtz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 16:21]
.
2012-05-30 c:\windows\Tasks\HPCeeScheduleFordrgewirtz.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\progra~1\MICROS~2\ENDPOI~1\318FB7~1.0\WhlLSP.dll
Trusted Zone: gatewayedi.com\mytools
Trusted Zone: gewirtz-server
Trusted Zone: infinittna.com\sn
TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{42E0AB8B-0713-409B-8232-95614B27EFCB}: NameServer = 192.168.111.16,192.168.111.1
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: MIW Deployment - hxxps://pacs.ramicimaging.com/downloads/MIWDeploy.cab
DPF: {786E2AA4-522B-4AE3-910C-1E8EB4D32239} - hxxps://sn.infinittna.com/SmartUpdate.Cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-06 08:55:51
ComboFix-quarantined-files.txt 2012-06-06 12:55
.
Pre-Run: 78,777,520,128 bytes free
Post-Run: 79,405,350,912 bytes free
.
- - End Of File - - 346F8C9E5C0A995EE64B75566C7FF094
Similar threads
Latest posts
-
Ford is losing boatloads of money on every electric vehicle sold- Jigs Gaton replied
-
Generative AI could soon decimate the call center industry, says CEO
- Jigs Gaton replied
-
BlizzGone: Blizzard cancels 2024 convention but promises an eventual return- Superconductor replied
