Inactive Three Trojans stuck in System Registry

Now it's telling me AVG is still installed even though I ran the removal tool yesterday and cannot find it in the control panel.
 
Disregard AVG warning.

ZeroAccess rootkit is a serious infection.
Combofix will take a while.
 
When Combofix finished, a window popped up saying Combofix has detected the presence of rootkit activity and needs to reboot the machine. After doing this, I rebooted into safe mode but still no log and no internet access. I'm assuming that I will still get a blue screen were I to boot with a normal startup.
 
Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

============================================================

Please download and run ListParts by Farbar (for 32-bit system)

Please download and run ListParts64 by Farbar (for 64-bit system)

Click on Scan button.

Scan result will open in Notepad.
Post it in your next reply.
 
.\debug.cpp(238) : Debug log started at 14.01.2012 - 08:37:28
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.1
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
.\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 1
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
.\boot_cleaner.cpp(1061) :
.\boot_cleaner.cpp(1062) : Size Device Name MBR Status
.\boot_cleaner.cpp(1063) : --------------------------------------------
.\boot_cleaner.cpp(1107) : 298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1113) :
.\boot_cleaner.cpp(1152) : Done;

ListParts by Farbar
Ran by Administrator on 14-01-2012 at 03:38:26
Windows Vista (X86)
Running From: F:\
************************************************************

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 3070.45 MB
Available physical RAM: 2702.45 MB
Total Pagefile: 6339.93 MB
Available Pagefile: 6162.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.05 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:298.09 GB) (Free:54.43 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
4 Drive f: () (Removable) (Total:7.45 GB) (Free:7.43 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7650 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 298 GB Healthy System (partition with boot components)

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7646 MB 4032 KB

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F FAT32 Removable 7646 MB Healthy



****** End Of Log ******
 
Combofix has detected the presence of rootkit activity
Does it say anything about "infected with Rootkit.ZeroAccess, and that it has inserted itself into the tcp/ip stack"?

If you don't remember try to re-run Combofix again.
 
Yes, I'm getting the message about rootkit. Honestly dude, are we anywhere close to fixing this? I'm thinking to just screw it and reformat.
 
Go to Start > Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Let me know if the commands ran successfully.

Restart computer.
 
I typed in netsh int ip reset reset.log and got "There is no user specified setting to be reset."

I typed in netsh winsock reset catalog and got "successfully reset the winsock catalog". I am restarting now.
 