Jump to content

Constant blocked attacks on my PC from "swltcho81.com"

Leniadlapa

By Leniadlapa
in Resolved Malware Removal Logs

 Share

Recommended Posts

Maniac

Maniac

Posted
Posted

Please download the following scanning tool. GMER

  • Open the zip file and copy the file
    gmer.exe
    to your Desktop.

  • Double click on
    gmer.exe
    and run it.

  • It may take a minute to load and become available.

  • Do not make any changes. Click on the
    SCAN
    button and DO NOT use the computer while it's scanning.

  • Once the scan is done click on the
    SAVE
    button and browse to your Desktop and save the file as
    GMER.LOG

  • Zip up the
    GMER.LOG
    file and save it as
    gmerlog.zip
    and attach it to your reply post.

  • DO NOT
    directly post this log into a reply. You
    MUST
    attach it as a
    .ZIP
    file.

  • Click OK and quit the GMER program.

Link to post
Share on other sites
Leniadlapa

Leniadlapa

Posted
  • Author
Posted

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2010-12-20 02:39:50

Windows 6.1.7600

Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????????????? ?????????????????????,??????????????????????s?????? ???????????????????????????????????????f????????????????????????????????p?????????????????0????????????????\???????????????????? ?????????????????????????????????????? ??????????????????? ?????????????????????,??????????????#?????DISPLAY\Default_Monitor\5&47b6347&1&UID1048849??????\\?\DISPLAY#Default_Monitor#5&47b6347&1&UID1048849#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}???? ?????????????????????,??????????????#??????y?y?y?y?z?z?y?z?????????z???????????????????<? ??? ??? ?4? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ?>? ??????? ??????? ??????? ??? ??? ??? ??? ??? ??????? ??? ??? ??? ??? ??? ??? ??? ?D? ??? ???'??? ??????????????? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??????P????????????(??????P????????????(??????P?????????????P???????????????????????????????????????????????????????????????? ???????.??????????????????????`???Z??????????????????????????????????????????????wal??STORAGE\VOLUMESNAPSHOT\HARDDISKVOLU

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Are you connected via a router?

  • Download MBRCheck to your desktop
  • For Windows XP: Double click on MBRCheck.exe to run it.
  • For Windows Vista/7: Right click on MBRCheck.exe and select Run as Administrator
  • It will show a black screen with some data on it
  • Don't run any of the options!!!
  • When it's done, Press Enter to close the program
  • A file will called MBRCheck_ will appear on your desktop
  • Please copy into to your next reply

Link to post
Share on other sites
Leniadlapa

Leniadlapa

Posted
  • Author
Posted

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Gateway

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: Gateway

System Product Name: DX4831

Logical Drives Mask: 0x000001fc

Kernel Drivers (total 195):

0x02E0D000 \SystemRoot\system32\ntoskrnl.exe

0x033E9000 \SystemRoot\system32\hal.dll

0x00BAE000 \SystemRoot\system32\kdcom.dll

0x00C78000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00CBC000 \SystemRoot\system32\PSHED.dll

0x00CD0000 \SystemRoot\system32\CLFS.SYS

0x00D2E000 \SystemRoot\system32\CI.dll

0x00E1C000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00EC0000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00ECF000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00F26000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x00F2F000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00F39000 \SystemRoot\system32\DRIVERS\pci.sys

0x00F6C000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00F79000 \SystemRoot\System32\drivers\partmgr.sys

0x00F8E000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00FA3000 \SystemRoot\System32\drivers\volmgrx.sys

0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys

0x0103E000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x0115A000 \SystemRoot\system32\DRIVERS\atapi.sys

0x01163000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x0118D000 \SystemRoot\system32\DRIVERS\msahci.sys

0x01198000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x011A8000 \SystemRoot\system32\DRIVERS\jraid.sys

0x011C6000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x011F5000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys

0x01000000 \SystemRoot\system32\drivers\fileinfo.sys

0x012D6000 \SystemRoot\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS

0x0133D000 \SystemRoot\System32\Drivers\PxHlpa64.sys

0x01406000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01349000 \SystemRoot\System32\Drivers\msrpc.sys

0x015A9000 \SystemRoot\System32\Drivers\ksecdd.sys

0x01200000 \SystemRoot\System32\Drivers\cng.sys

0x015C3000 \SystemRoot\System32\drivers\pcw.sys

0x015D4000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x016DF000 \SystemRoot\system32\drivers\ndis.sys

0x01600000 \SystemRoot\system32\drivers\NETIO.SYS

0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01802000 \SystemRoot\System32\drivers\tcpip.sys

0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01273000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x016D5000 \SystemRoot\System32\Drivers\spldr.sys

0x013A7000 \SystemRoot\System32\drivers\rdyboost.sys

0x017D1000 \SystemRoot\System32\Drivers\mup.sys

0x017E3000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01A1E000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01A58000 \SystemRoot\system32\DRIVERS\disk.sys

0x01A6E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x01014000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x01BDB000 \SystemRoot\System32\Drivers\Null.SYS

0x01BE4000 \SystemRoot\System32\Drivers\Beep.SYS

0x01BEB000 \SystemRoot\System32\drivers\vga.sys

0x00C4C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x01A00000 \SystemRoot\System32\drivers\watchdog.sys

0x01A10000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x017EC000 \SystemRoot\system32\drivers\rdpencdd.sys

0x017F5000 \SystemRoot\system32\drivers\rdprefmp.sys

0x015DE000 \SystemRoot\System32\Drivers\Msfs.SYS

0x015E9000 \SystemRoot\System32\Drivers\Npfs.SYS

0x013E1000 \SystemRoot\system32\DRIVERS\tdx.sys

0x012BF000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x02E5B000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMTDI.SYS

0x02EA7000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

0x02EDD000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS

0x02EED000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMFW.SYS

0x02F0F000 \SystemRoot\system32\drivers\afd.sys

0x02F99000 \SystemRoot\System32\DRIVERS\netbt.sys

0x02FDE000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x02E00000 \SystemRoot\system32\DRIVERS\pacer.sys

0x02E26000 \SystemRoot\system32\DRIVERS\SymIMv.sys

0x02E31000 \SystemRoot\system32\DRIVERS\netbios.sys

0x02E40000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x02FE7000 \SystemRoot\system32\DRIVERS\termdd.sys

0x04062000 \SystemRoot\system32\drivers\NISx64\1008000.029\SRTSPX64.SYS

0x04076000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x040C7000 \SystemRoot\system32\drivers\nsiproxy.sys

0x040D3000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x04159000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

0x041CF000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0x04000000 \SystemRoot\System32\drivers\discache.sys

0x0400F000 \SystemRoot\System32\Drivers\dfsc.sys

0x0426C000 \SystemRoot\System32\Drivers\NISx64\1008000.029\ccHPx64.sys

0x042FF000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x04310000 \SystemRoot\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys

0x04367000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x0438D000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x10065000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x10CF7000 \SystemRoot\system32\DRIVERS\nvBridge.kmd

0x10CF9000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x10000000 \SystemRoot\System32\drivers\dxgmms1.sys

0x10046000 \SystemRoot\system32\DRIVERS\HECIx64.sys

0x043A3000 \SystemRoot\system32\DRIVERS\e1k62x64.sys

0x10DED000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x04200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x0402D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x044BB000 \SystemRoot\system32\DRIVERS\1394ohci.sys

0x044F9000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x04517000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x04526000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x0452F000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x0453F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x04555000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x04579000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x04585000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x045B4000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x045CF000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x04400000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x0441A000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x04429000 \SystemRoot\system32\DRIVERS\swenum.sys

0x0442B000 \SystemRoot\system32\DRIVERS\ks.sys

0x0446E000 \SystemRoot\system32\DRIVERS\umbus.sys

0x04E7E000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x04ED8000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x05010000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x04EED000 \SystemRoot\system32\drivers\portcls.sys

0x04F2A000 \SystemRoot\system32\drivers\drmk.sys

0x05000000 \SystemRoot\system32\drivers\ksthunk.sys

0x04F4C000 \SystemRoot\System32\Drivers\crashdmp.sys

0x01A9E000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x04F5A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x04F6D000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x05006000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x04F8A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x04FA5000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x04FB3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x04FCC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x04FD5000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x00000000 \SystemRoot\System32\win32k.sys

0x04FE2000 \SystemRoot\System32\drivers\Dxapi.sys

0x04FEE000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00430000 \SystemRoot\System32\TSDDD.dll

0x00790000 \SystemRoot\System32\cdd.dll

0x00840000 \SystemRoot\System32\ATMFD.DLL

0x04E00000 \SystemRoot\system32\drivers\luafv.sys

0x04E23000 \SystemRoot\system32\drivers\WudfPf.sys

0x04E44000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x04E59000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x0541B000 \SystemRoot\system32\drivers\HTTP.sys

0x054E3000 \SystemRoot\system32\DRIVERS\bowser.sys

0x05501000 \SystemRoot\System32\drivers\mpsdrv.sys

0x05519000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x05546000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x05594000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x05817000 \SystemRoot\system32\drivers\peauth.sys

0x058BD000 \SystemRoot\System32\Drivers\secdrv.SYS

0x058C8000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x058F5000 \SystemRoot\System32\drivers\tcpipreg.sys

0x05907000 \SystemRoot\System32\DRIVERS\srv2.sys

0x05ED7000 \SystemRoot\System32\DRIVERS\srv.sys

0x05F6D000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x05E00000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SRTSP64.SYS

0x06630000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101220.002\EX64.SYS

0x06600000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101220.002\ENG64.SYS

0x0596E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101217.001\IDSvia64.sys

0x778B0000 \Windows\System32\ntdll.dll

0x47670000 \Windows\System32\smss.exe

0xFFBD0000 \Windows\System32\apisetschema.dll

0xFF8A0000 \Windows\System32\autochk.exe

0xFF9B0000 \Windows\System32\ole32.dll

0xFF980000 \Windows\System32\imm32.dll

0xFF900000 \Windows\System32\difxapi.dll

0xFF720000 \Windows\System32\setupapi.dll

0xFF6A0000 \Windows\System32\shlwapi.dll

0xFF440000 \Windows\System32\iertutil.dll

0xFF3A0000 \Windows\System32\clbcatq.dll

0xFF390000 \Windows\System32\nsi.dll

0xFF260000 \Windows\System32\rpcrt4.dll

0xFF130000 \Windows\System32\wininet.dll

0x77A80000 \Windows\System32\normaliz.dll

0xFF020000 \Windows\System32\msctf.dll

0xFEEA0000 \Windows\System32\urlmon.dll

0xFEDC0000 \Windows\System32\advapi32.dll

0xFED50000 \Windows\System32\gdi32.dll

0xFECB0000 \Windows\System32\msvcrt.dll

0x777B0000 \Windows\System32\user32.dll

0xFEC60000 \Windows\System32\Wldap32.dll

0xFEC50000 \Windows\System32\lpk.dll

0xFEC30000 \Windows\System32\imagehlp.dll

0xFEB90000 \Windows\System32\comdlg32.dll

0xFDE00000 \Windows\System32\shell32.dll

0x77A70000 \Windows\System32\psapi.dll

0xFDD20000 \Windows\System32\oleaut32.dll

0x77690000 \Windows\System32\kernel32.dll

0xFDC50000 \Windows\System32\usp10.dll

0xFDC30000 \Windows\System32\sechost.dll

0xFDBE0000 \Windows\System32\ws2_32.dll

0xFDB40000 \Windows\System32\comctl32.dll

0xFDB00000 \Windows\System32\wintrust.dll

0xFDAE0000 \Windows\System32\devobj.dll

0xFD970000 \Windows\System32\crypt32.dll

0xFD930000 \Windows\System32\cfgmgr32.dll

0xFD8C0000 \Windows\System32\KernelBase.dll

0xFD8B0000 \Windows\System32\msasn1.dll

0x75E20000 \Windows\SysWOW64\normaliz.dll

Processes (total 57):

0 System Idle Process

4 System

328 C:\Windows\System32\smss.exe

456 csrss.exe

516 C:\Windows\System32\wininit.exe

532 csrss.exe

584 C:\Windows\System32\services.exe

600 C:\Windows\System32\lsass.exe

608 C:\Windows\System32\lsm.exe

700 C:\Windows\System32\winlogon.exe

800 C:\Windows\System32\svchost.exe

868 C:\Windows\System32\nvvsvc.exe

920 C:\Windows\System32\svchost.exe

124 C:\Windows\System32\svchost.exe

364 C:\Windows\System32\svchost.exe

544 C:\Windows\System32\svchost.exe

1036 C:\Windows\System32\svchost.exe

1060 C:\Windows\System32\nvvsvc.exe

1188 C:\Windows\System32\svchost.exe

1384 C:\Windows\System32\spoolsv.exe

1420 C:\Windows\System32\svchost.exe

1536 C:\Windows\System32\svchost.exe

1592 C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

1672 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

1716 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

1792 C:\Windows\System32\svchost.exe

1856 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

2024 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

1152 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

2104 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2404 C:\Windows\System32\svchost.exe

2440 WUDFHost.exe

2300 C:\Windows\System32\taskhost.exe

1508 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

2864 C:\Windows\System32\dwm.exe

3020 C:\Windows\explorer.exe

3544 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

3556 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

3584 C:\Program Files (x86)\Glary Utilities\memdefrag.exe

3856 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

3864 C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe

3880 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

3948 C:\Windows\System32\SearchIndexer.exe

3500 C:\Program Files\Windows Media Player\wmpnetwk.exe

3260 C:\Windows\System32\svchost.exe

4032 dllhost.exe

1380 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

4276 C:\Windows\System32\taskhost.exe

888 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

3516 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

4884 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

3028 C:\Windows\System32\audiodg.exe

2416 C:\Windows\System32\SearchProtocolHost.exe

4520 C:\Windows\System32\SearchFilterHost.exe

3280 C:\Windows\System32\dllhost.exe

1920 C:\Users\Daniel\Desktop\MBRCheck.exe

4688 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`46500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD10EADS-22M2B0, Rev: 01.00A01

Size Device Name MBR Status

--------------------------------------------

931 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Done!

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

This little sweetheart, I got it. Thank you!

  1. Download Bootkit remover to your Desktop.
  2. Extract Remover to your desktop.
  3. Open Notepad. Copy and paste the following text into it:
    @ECHO OFF
    START remover.exe fix \\.\PhysicalDrive0
    EXIT


  4. Save it as Fix.bat at the desktop. Make sure the Save as type: is All Files (*.*).
  5. Double click on Fix.bat to run it. Allow if prompted by any security software.
  6. Finally, please post your log file in your next reply.

Link to post
Share on other sites
Leniadlapa

Leniadlapa

Posted
  • Author
Posted

.\debug.cpp(238) : Debug log started at 21.12.2010 - 15:37:37

.\boot_cleaner.cpp(527) : Bootkit Remover

.\boot_cleaner.cpp(528) : © 2009 eSage Lab

.\boot_cleaner.cpp(529) : www.esagelab.com

.\boot_cleaner.cpp(533) : Program version: 1.2.0.0

.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

.\debug.cpp(248) : **********************************************

.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********

.\debug.cpp(250) : **********************************************

.\debug.cpp(256) : 0x02e0d000 0x005dc000 "\SystemRoot\system32\ntoskrnl.exe"

.\debug.cpp(256) : 0x033e9000 0x00049000 "\SystemRoot\system32\hal.dll"

.\debug.cpp(256) : 0x00bae000 0x00003000 "\SystemRoot\system32\kdcom.dll"

.\debug.cpp(256) : 0x00c78000 0x00044000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"

.\debug.cpp(256) : 0x00cbc000 0x00014000 "\SystemRoot\system32\PSHED.dll"

.\debug.cpp(256) : 0x00cd0000 0x0005e000 "\SystemRoot\system32\CLFS.SYS"

.\debug.cpp(256) : 0x00d2e000 0x000c0000 "\SystemRoot\system32\CI.dll"

.\debug.cpp(256) : 0x00e1c000 0x000a4000 "\SystemRoot\system32\drivers\Wdf01000.sys"

.\debug.cpp(256) : 0x00ec0000 0x0000f000 "\SystemRoot\system32\drivers\WDFLDR.SYS"

.\debug.cpp(256) : 0x00ecf000 0x00057000 "\SystemRoot\system32\DRIVERS\ACPI.sys"

.\debug.cpp(256) : 0x00f26000 0x00009000 "\SystemRoot\system32\DRIVERS\WMILIB.SYS"

.\debug.cpp(256) : 0x00f2f000 0x0000a000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"

.\debug.cpp(256) : 0x00f39000 0x00033000 "\SystemRoot\system32\DRIVERS\pci.sys"

.\debug.cpp(256) : 0x00f6c000 0x0000d000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"

.\debug.cpp(256) : 0x00f79000 0x00015000 "\SystemRoot\System32\drivers\partmgr.sys"

.\debug.cpp(256) : 0x00f8e000 0x00015000 "\SystemRoot\system32\DRIVERS\volmgr.sys"

.\debug.cpp(256) : 0x00fa3000 0x0005c000 "\SystemRoot\System32\drivers\volmgrx.sys"

.\debug.cpp(256) : 0x00e00000 0x0001a000 "\SystemRoot\System32\drivers\mountmgr.sys"

.\debug.cpp(256) : 0x0103e000 0x0011c000 "\SystemRoot\system32\DRIVERS\iaStor.sys"

.\debug.cpp(256) : 0x0115a000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"

.\debug.cpp(256) : 0x01163000 0x0002a000 "\SystemRoot\system32\DRIVERS\ataport.SYS"

.\debug.cpp(256) : 0x0118d000 0x0000b000 "\SystemRoot\system32\DRIVERS\msahci.sys"

.\debug.cpp(256) : 0x01198000 0x00010000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"

.\debug.cpp(256) : 0x011a8000 0x0001e000 "\SystemRoot\system32\DRIVERS\jraid.sys"

.\debug.cpp(256) : 0x011c6000 0x0002f000 "\SystemRoot\system32\DRIVERS\SCSIPORT.SYS"

.\debug.cpp(256) : 0x011f5000 0x0000b000 "\SystemRoot\system32\DRIVERS\amdxata.sys"

.\debug.cpp(256) : 0x00c00000 0x0004c000 "\SystemRoot\system32\drivers\fltmgr.sys"

.\debug.cpp(256) : 0x01000000 0x00014000 "\SystemRoot\system32\drivers\fileinfo.sys"

.\debug.cpp(256) : 0x012d6000 0x00067000 "\SystemRoot\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS"

.\debug.cpp(256) : 0x0133d000 0x0000c000 "\SystemRoot\System32\Drivers\PxHlpa64.sys"

.\debug.cpp(256) : 0x01406000 0x001a3000 "\SystemRoot\System32\Drivers\Ntfs.sys"

.\debug.cpp(256) : 0x01349000 0x0005e000 "\SystemRoot\System32\Drivers\msrpc.sys"

.\debug.cpp(256) : 0x015a9000 0x0001a000 "\SystemRoot\System32\Drivers\ksecdd.sys"

.\debug.cpp(256) : 0x01200000 0x00073000 "\SystemRoot\System32\Drivers\cng.sys"

.\debug.cpp(256) : 0x015c3000 0x00011000 "\SystemRoot\System32\drivers\pcw.sys"

.\debug.cpp(256) : 0x015d4000 0x0000a000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"

.\debug.cpp(256) : 0x016df000 0x000f2000 "\SystemRoot\system32\drivers\ndis.sys"

.\debug.cpp(256) : 0x01600000 0x00060000 "\SystemRoot\system32\drivers\NETIO.SYS"

.\debug.cpp(256) : 0x01660000 0x0002b000 "\SystemRoot\System32\Drivers\ksecpkg.sys"

.\debug.cpp(256) : 0x01802000 0x001fd000 "\SystemRoot\System32\drivers\tcpip.sys"

.\debug.cpp(256) : 0x0168b000 0x0004a000 "\SystemRoot\System32\drivers\fwpkclnt.sys"

.\debug.cpp(256) : 0x01273000 0x0004c000 "\SystemRoot\system32\DRIVERS\volsnap.sys"

.\debug.cpp(256) : 0x016d5000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"

.\debug.cpp(256) : 0x013a7000 0x0003a000 "\SystemRoot\System32\drivers\rdyboost.sys"

.\debug.cpp(256) : 0x017d1000 0x00012000 "\SystemRoot\System32\Drivers\mup.sys"

.\debug.cpp(256) : 0x017e3000 0x00009000 "\SystemRoot\System32\drivers\hwpolicy.sys"

.\debug.cpp(256) : 0x01a1e000 0x0003a000 "\SystemRoot\System32\DRIVERS\fvevol.sys"

.\debug.cpp(256) : 0x01a58000 0x00016000 "\SystemRoot\system32\DRIVERS\disk.sys"

.\debug.cpp(256) : 0x01a6e000 0x00030000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"

.\debug.cpp(256) : 0x01014000 0x0002a000 "\SystemRoot\system32\DRIVERS\cdrom.sys"

.\debug.cpp(256) : 0x01bdb000 0x00009000 "\SystemRoot\System32\Drivers\Null.SYS"

.\debug.cpp(256) : 0x01be4000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"

.\debug.cpp(256) : 0x01beb000 0x0000e000 "\SystemRoot\System32\drivers\vga.sys"

.\debug.cpp(256) : 0x00c4c000 0x00025000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"

.\debug.cpp(256) : 0x01a00000 0x00010000 "\SystemRoot\System32\drivers\watchdog.sys"

.\debug.cpp(256) : 0x01a10000 0x00009000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"

.\debug.cpp(256) : 0x017ec000 0x00009000 "\SystemRoot\system32\drivers\rdpencdd.sys"

.\debug.cpp(256) : 0x017f5000 0x00009000 "\SystemRoot\system32\drivers\rdprefmp.sys"

.\debug.cpp(256) : 0x015de000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"

.\debug.cpp(256) : 0x015e9000 0x00011000 "\SystemRoot\System32\Drivers\Npfs.SYS"

.\debug.cpp(256) : 0x013e1000 0x0001e000 "\SystemRoot\system32\DRIVERS\tdx.sys"

.\debug.cpp(256) : 0x012bf000 0x0000d000 "\SystemRoot\system32\DRIVERS\TDI.SYS"

.\debug.cpp(256) : 0x02e5b000 0x0004c000 "\SystemRoot\System32\Drivers\NISx64\1008000.029\SYMTDI.SYS"

.\debug.cpp(256) : 0x02ea7000 0x00036000 "\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS"

.\debug.cpp(256) : 0x02edd000 0x00010000 "\SystemRoot\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS"

.\debug.cpp(256) : 0x02eed000 0x00022000 "\SystemRoot\System32\Drivers\NISx64\1008000.029\SYMFW.SYS"

.\debug.cpp(256) : 0x02f0f000 0x0008a000 "\SystemRoot\system32\drivers\afd.sys"

.\debug.cpp(256) : 0x02f99000 0x00045000 "\SystemRoot\System32\DRIVERS\netbt.sys"

.\debug.cpp(256) : 0x02fde000 0x00009000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"

.\debug.cpp(256) : 0x02e00000 0x00026000 "\SystemRoot\system32\DRIVERS\pacer.sys"

.\debug.cpp(256) : 0x02e26000 0x0000b000 "\SystemRoot\system32\DRIVERS\SymIMv.sys"

.\debug.cpp(256) : 0x02e31000 0x0000f000 "\SystemRoot\system32\DRIVERS\netbios.sys"

.\debug.cpp(256) : 0x02e40000 0x0001b000 "\SystemRoot\system32\DRIVERS\wanarp.sys"

.\debug.cpp(256) : 0x02fe7000 0x00014000 "\SystemRoot\system32\DRIVERS\termdd.sys"

.\debug.cpp(256) : 0x04062000 0x00014000 "\SystemRoot\system32\drivers\NISx64\1008000.029\SRTSPX64.SYS"

.\debug.cpp(256) : 0x04076000 0x00051000 "\SystemRoot\system32\DRIVERS\rdbss.sys"

.\debug.cpp(256) : 0x040c7000 0x0000c000 "\SystemRoot\system32\drivers\nsiproxy.sys"

.\debug.cpp(256) : 0x040d3000 0x0000b000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"

.\debug.cpp(256) : 0x04159000 0x00076000 "\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys"

.\debug.cpp(256) : 0x041cf000 0x00025000 "\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"

.\debug.cpp(256) : 0x04000000 0x0000f000 "\SystemRoot\System32\drivers\discache.sys"

.\debug.cpp(256) : 0x0400f000 0x0001e000 "\SystemRoot\System32\Drivers\dfsc.sys"

.\debug.cpp(256) : 0x0426c000 0x00093000 "\SystemRoot\System32\Drivers\NISx64\1008000.029\ccHPx64.sys"

.\debug.cpp(256) : 0x042ff000 0x00011000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"

.\debug.cpp(256) : 0x04310000 0x00057000 "\SystemRoot\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys"

.\debug.cpp(256) : 0x04367000 0x00026000 "\SystemRoot\system32\DRIVERS\tunnel.sys"

.\debug.cpp(256) : 0x0438d000 0x00016000 "\SystemRoot\system32\DRIVERS\intelppm.sys"

.\debug.cpp(256) : 0x10065000 0x00c92000 "\SystemRoot\system32\DRIVERS\nvlddmkm.sys"

.\debug.cpp(256) : 0x10cf7000 0x00002000 "\SystemRoot\system32\DRIVERS\nvBridge.kmd"

.\debug.cpp(256) : 0x10cf9000 0x000f4000 "\SystemRoot\System32\drivers\dxgkrnl.sys"

.\debug.cpp(256) : 0x10000000 0x00046000 "\SystemRoot\System32\drivers\dxgmms1.sys"

.\debug.cpp(256) : 0x10046000 0x00011000 "\SystemRoot\system32\DRIVERS\HECIx64.sys"

.\debug.cpp(256) : 0x043a3000 0x00047000 "\SystemRoot\system32\DRIVERS\e1k62x64.sys"

.\debug.cpp(256) : 0x10ded000 0x00011000 "\SystemRoot\system32\DRIVERS\usbehci.sys"

.\debug.cpp(256) : 0x04200000 0x00056000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"

.\debug.cpp(256) : 0x0402d000 0x00024000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"

.\debug.cpp(256) : 0x044bb000 0x0003e000 "\SystemRoot\system32\DRIVERS\1394ohci.sys"

.\debug.cpp(256) : 0x044f9000 0x0001e000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"

.\debug.cpp(256) : 0x04517000 0x0000f000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"

.\debug.cpp(256) : 0x04526000 0x00009000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"

.\debug.cpp(256) : 0x0452f000 0x00010000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"

.\debug.cpp(256) : 0x0453f000 0x00016000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"

.\debug.cpp(256) : 0x04555000 0x00024000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"

.\debug.cpp(256) : 0x04579000 0x0000c000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"

.\debug.cpp(256) : 0x04585000 0x0002f000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"

.\debug.cpp(256) : 0x045b4000 0x0001b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"

.\debug.cpp(256) : 0x045cf000 0x00021000 "\SystemRoot\system32\DRIVERS\raspptp.sys"

.\debug.cpp(256) : 0x04400000 0x0001a000 "\SystemRoot\system32\DRIVERS\rassstp.sys"

.\debug.cpp(256) : 0x0441a000 0x0000f000 "\SystemRoot\system32\DRIVERS\mouclass.sys"

.\debug.cpp(256) : 0x04429000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"

.\debug.cpp(256) : 0x0442b000 0x00043000 "\SystemRoot\system32\DRIVERS\ks.sys"

.\debug.cpp(256) : 0x0446e000 0x00012000 "\SystemRoot\system32\DRIVERS\umbus.sys"

.\debug.cpp(256) : 0x04e7e000 0x0005a000 "\SystemRoot\system32\DRIVERS\usbhub.sys"

.\debug.cpp(256) : 0x04ed8000 0x00015000 "\SystemRoot\System32\Drivers\NDProxy.SYS"

.\debug.cpp(256) : 0x05010000 0x001ec000 "\SystemRoot\system32\drivers\RTKVHD64.sys"

.\debug.cpp(256) : 0x04eed000 0x0003d000 "\SystemRoot\system32\drivers\portcls.sys"

.\debug.cpp(256) : 0x04f2a000 0x00022000 "\SystemRoot\system32\drivers\drmk.sys"

.\debug.cpp(256) : 0x05000000 0x00006000 "\SystemRoot\system32\drivers\ksthunk.sys"

.\debug.cpp(256) : 0x04f4c000 0x0000e000 "\SystemRoot\System32\Drivers\crashdmp.sys"

.\debug.cpp(256) : 0x01a9e000 0x0011c000 "\SystemRoot\System32\Drivers\dump_iaStor.sys"

.\debug.cpp(256) : 0x04f5a000 0x00013000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"

.\debug.cpp(256) : 0x04f6d000 0x0001d000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"

.\debug.cpp(256) : 0x05006000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"

.\debug.cpp(256) : 0x04f8a000 0x0001b000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"

.\debug.cpp(256) : 0x04fa5000 0x0000e000 "\SystemRoot\system32\DRIVERS\hidusb.sys"

.\debug.cpp(256) : 0x04fb3000 0x00019000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"

.\debug.cpp(256) : 0x04fcc000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"

.\debug.cpp(256) : 0x04fd5000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouhid.sys"

.\debug.cpp(256) : 0x00000000 0x00310000 "\SystemRoot\System32\win32k.sys"

.\debug.cpp(256) : 0x04fe2000 0x0000c000 "\SystemRoot\System32\drivers\Dxapi.sys"

.\debug.cpp(256) : 0x04fee000 0x0000e000 "\SystemRoot\system32\DRIVERS\monitor.sys"

.\debug.cpp(256) : 0x00430000 0x0000a000 "\SystemRoot\System32\TSDDD.dll"

.\debug.cpp(256) : 0x00790000 0x00027000 "\SystemRoot\System32\cdd.dll"

.\debug.cpp(256) : 0x00840000 0x00061000 "\SystemRoot\System32\ATMFD.DLL"

.\debug.cpp(256) : 0x04e00000 0x00023000 "\SystemRoot\system32\drivers\luafv.sys"

.\debug.cpp(256) : 0x04e23000 0x00021000 "\SystemRoot\system32\drivers\WudfPf.sys"

.\debug.cpp(256) : 0x04e44000 0x00015000 "\SystemRoot\system32\DRIVERS\lltdio.sys"

.\debug.cpp(256) : 0x04e59000 0x00018000 "\SystemRoot\system32\DRIVERS\rspndr.sys"

.\debug.cpp(256) : 0x0541b000 0x000c8000 "\SystemRoot\system32\drivers\HTTP.sys"

.\debug.cpp(256) : 0x054e3000 0x0001e000 "\SystemRoot\system32\DRIVERS\bowser.sys"

.\debug.cpp(256) : 0x05501000 0x00018000 "\SystemRoot\System32\drivers\mpsdrv.sys"

.\debug.cpp(256) : 0x05519000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"

.\debug.cpp(256) : 0x05546000 0x0004e000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"

.\debug.cpp(256) : 0x05594000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"

.\debug.cpp(256) : 0x05817000 0x000a6000 "\SystemRoot\system32\drivers\peauth.sys"

.\debug.cpp(256) : 0x058bd000 0x0000b000 "\SystemRoot\System32\Drivers\secdrv.SYS"

.\debug.cpp(256) : 0x058c8000 0x0002d000 "\SystemRoot\System32\DRIVERS\srvnet.sys"

.\debug.cpp(256) : 0x058f5000 0x00012000 "\SystemRoot\System32\drivers\tcpipreg.sys"

.\debug.cpp(256) : 0x05907000 0x00067000 "\SystemRoot\System32\DRIVERS\srv2.sys"

.\debug.cpp(256) : 0x05ed7000 0x00096000 "\SystemRoot\System32\DRIVERS\srv.sys"

.\debug.cpp(256) : 0x05f6d000 0x00031000 "\SystemRoot\system32\DRIVERS\WUDFRd.sys"

.\debug.cpp(256) : 0x05e00000 0x0007e000 "\SystemRoot\System32\Drivers\NISx64\1008000.029\SRTSP64.SYS"

.\debug.cpp(256) : 0x0596e000 0x0007b000 "\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101217.001\IDSvia64.sys"

.\debug.cpp(256) : 0x05e7e000 0x00054000 "\SystemRoot\system32\DRIVERS\udfs.sys"

.\debug.cpp(256) : 0x06628000 0x001ba000 "\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101221.002\EX64.SYS"

.\debug.cpp(256) : 0x06600000 0x00020000 "\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101221.002\ENG64.SYS"

.\debug.cpp(256) : 0x778b0000 0x001ab000 "\Windows\System32\ntdll.dll"

.\debug.cpp(256) : 0x47670000 0x00020000 "\Windows\System32\smss.exe"

.\debug.cpp(256) : 0xffbd0000 0x00050000 "\Windows\System32\apisetschema.dll"

.\debug.cpp(256) : 0xff8a0000 0x000c1000 "\Windows\System32\autochk.exe"

.\debug.cpp(256) : 0xff9b0000 0x00202000 "\Windows\System32\ole32.dll"

.\debug.cpp(256) : 0xff980000 0x0002e000 "\Windows\System32\imm32.dll"

.\debug.cpp(256) : 0xff900000 0x00080000 "\Windows\System32\difxapi.dll"

.\debug.cpp(256) : 0xff720000 0x001d7000 "\Windows\System32\setupapi.dll"

.\debug.cpp(256) : 0xff6a0000 0x00071000 "\Windows\System32\shlwapi.dll"

.\debug.cpp(256) : 0xff440000 0x00259000 "\Windows\System32\iertutil.dll"

.\debug.cpp(256) : 0xff3a0000 0x00099000 "\Windows\System32\clbcatq.dll"

.\debug.cpp(256) : 0xff390000 0x00008000 "\Windows\System32\nsi.dll"

.\debug.cpp(256) : 0xff260000 0x0012e000 "\Windows\System32\rpcrt4.dll"

.\debug.cpp(256) : 0xff130000 0x0012a000 "\Windows\System32\wininet.dll"

.\debug.cpp(256) : 0x77a80000 0x00003000 "\Windows\System32\normaliz.dll"

.\debug.cpp(256) : 0xff020000 0x00109000 "\Windows\System32\msctf.dll"

.\debug.cpp(256) : 0xfeea0000 0x00178000 "\Windows\System32\urlmon.dll"

.\debug.cpp(256) : 0xfedc0000 0x000db000 "\Windows\System32\advapi32.dll"

.\debug.cpp(256) : 0xfed50000 0x00067000 "\Windows\System32\gdi32.dll"

.\debug.cpp(256) : 0xfecb0000 0x0009f000 "\Windows\System32\msvcrt.dll"

.\debug.cpp(256) : 0x777b0000 0x000fa000 "\Windows\System32\user32.dll"

.\debug.cpp(256) : 0xfec60000 0x00050000 "\Windows\System32\Wldap32.dll"

.\debug.cpp(256) : 0xfec50000 0x0000e000 "\Windows\System32\lpk.dll"

.\debug.cpp(256) : 0xfec30000 0x00017000 "\Windows\System32\imagehlp.dll"

.\debug.cpp(256) : 0xfeb90000 0x00098000 "\Windows\System32\comdlg32.dll"

.\debug.cpp(256) : 0xfde00000 0x00d86000 "\Windows\System32\shell32.dll"

.\debug.cpp(256) : 0x77a70000 0x00007000 "\Windows\System32\psapi.dll"

.\debug.cpp(256) : 0xfdd20000 0x000d7000 "\Windows\System32\oleaut32.dll"

.\debug.cpp(256) : 0x77690000 0x0011f000 "\Windows\System32\kernel32.dll"

.\debug.cpp(256) : 0xfdc50000 0x000ca000 "\Windows\System32\usp10.dll"

.\debug.cpp(256) : 0xfdc30000 0x0001f000 "\Windows\System32\sechost.dll"

.\debug.cpp(256) : 0xfdbe0000 0x0004d000 "\Windows\System32\ws2_32.dll"

.\debug.cpp(256) : 0xfdb40000 0x000a0000 "\Windows\System32\comctl32.dll"

.\debug.cpp(256) : 0xfdb00000 0x0003a000 "\Windows\System32\wintrust.dll"

.\debug.cpp(256) : 0xfdae0000 0x0001a000 "\Windows\System32\devobj.dll"

.\debug.cpp(256) : 0xfd970000 0x00166000 "\Windows\System32\crypt32.dll"

.\debug.cpp(256) : 0xfd930000 0x00036000 "\Windows\System32\cfgmgr32.dll"

.\debug.cpp(256) : 0xfd8c0000 0x0006b000 "\Windows\System32\KernelBase.dll"

.\debug.cpp(256) : 0xfd8b0000 0x0000f000 "\Windows\System32\msasn1.dll"

.\debug.cpp(256) : 0x75e20000 0x00003000 "\Windows\SysWOW64\normaliz.dll"

.\debug.cpp(263) : **********************************************

.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********

.\debug.cpp(308) : **********************************************

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"

.\debug.cpp(400) : Destination "\Device\CdRom0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"

.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10250389&REV_1002#4&18280ae0&0&0201#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"

.\debug.cpp(400) : Destination "\Device\00000067"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"

.\debug.cpp(400) : Destination "\Device\00000049"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"

.\debug.cpp(400) : Destination "\Device\0000003e"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"

.\debug.cpp(400) : Destination "\Device\Video4"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic-&Prod_xD-Picture&Rev_1.00#8&35ccda1&0&20060413092100000&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\00000071"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"

.\debug.cpp(400) : Destination "\Device\Video0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\00000047"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"

.\debug.cpp(400) : Destination "\Device\Harddisk1\DR1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"

.\debug.cpp(400) : Destination "\Device\00000002"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"

.\debug.cpp(400) : Destination "\Device\00000044"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"

.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"

.\debug.cpp(400) : Destination "\Device\Harddisk2\DR2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0461&PID_4D64#7&2181674&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination "\Device\00000076"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO#HG&REV_1.00#8&35CCDA1&0&20060413092100000&3##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"

.\debug.cpp(400) : Destination "\Device\0000007c"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{aa903f02-ff9a-11de-b344-806e6f6e6963}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_197B&DEV_2363&SUBSYS_03891025&REV_03#4&c0cf403&0&00E1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"

.\debug.cpp(400) : Destination "\Device\Psched"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive3"

.\debug.cpp(400) : Destination "\Device\Harddisk3\DR3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination "\Device\00000046"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrvI10"

.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11010"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000041"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\00000047"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10250389&REV_1002#4&18280ae0&0&0201#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"

.\debug.cpp(400) : Destination "\Device\00000067"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"

.\debug.cpp(400) : Destination "\Device\AscKmd"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-1b9e4869-09ed-11e0-8e68-90fba62fd611"

.\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-1b9e4869-09ed-11e0-8e68-90fba62fd611"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive4"

.\debug.cpp(400) : Destination "\Device\Harddisk4\DR4"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0613&SUBSYS_C8793842&REV_A2#4&27e14b4e&0&0008#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymIM"

.\debug.cpp(400) : Destination "\Device\SymIM"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_10F0&SUBSYS_80001025&REV_06#3&11583659&0&C8#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-1b9e4879-09ed-11e0-8e68-90fba62fd611"

.\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-1b9e4879-09ed-11e0-8e68-90fba62fd611"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"

.\debug.cpp(400) : Destination "\Device\CdRom0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive5"

.\debug.cpp(400) : Destination "\Device\Harddisk5\DR5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic-&Prod_SD#MMC&Rev_1.00#8&35ccda1&0&20060413092100000&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume6"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B22&SUBSYS_03891025&REV_06#3&11583659&0&FA#{2accfe60-c130-11d2-b082-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E43D242B-9EAB-4626-A952-46649FBB939A}"

.\debug.cpp(400) : Destination "\Device\NDMP5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_8087&PID_0020#5&269be6a4&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination "\Device\USBPDO-3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#GSM4B69#5&47b6347&1&UID1048849#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"

.\debug.cpp(400) : Destination "\Device\00000077"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"

.\debug.cpp(400) : Destination "\Device\00000078"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-bd320e59-13ce-481e-ae2d-dc7ed9e0f78b"

.\debug.cpp(400) : Destination "\Device\HostProcess-bd320e59-13ce-481e-ae2d-dc7ed9e0f78b"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GH41N___________________MN01____#4&36e7c153&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000040"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"

.\debug.cpp(400) : Destination "\Device\AgileVPN"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-1b9e4875-09ed-11e0-8e68-90fba62fd611"

.\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-1b9e4875-09ed-11e0-8e68-90fba62fd611"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"

.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"

.\debug.cpp(400) : Destination "\Device\Ide\iaStor0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_10F0&SUBSYS_80001025&REV_06#3&11583659&0&C8#{cac88484-7515-4c03-82e6-71a87abac361}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"

.\debug.cpp(400) : Destination "\Device\USBFDO-1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10250389&REV_1002#4&18280ae0&0&0201#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\00000067"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"

.\debug.cpp(400) : Destination "\Device\IPSECDOSP"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"

.\debug.cpp(400) : Destination "\Device\PEAuth"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"

.\debug.cpp(400) : Destination "\Device\WMIDataDevice"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrv11010"

.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11010"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk2Partition1"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"

.\debug.cpp(400) : Destination "\Device\Video5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MICROSD&REV_1.00#8&35CCDA1&0&20060413092100000&4##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"

.\debug.cpp(400) : Destination "\Device\0000007b"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0461&PID_4D64#7&2181674&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination "\Device\00000076"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume6"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"

.\debug.cpp(400) : Destination "\Device\Video1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"

.\debug.cpp(400) : Destination "\Device\NDMP7"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&52f9dd0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination "\Device\USBPDO-0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#GSM4B69#5&47b6347&1&UID1048849#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"

.\debug.cpp(400) : Destination "\Device\00000077"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-6ad96747-e674-43eb-8652-47a76a67723b"

.\debug.cpp(400) : Destination "\Device\HostProcess-6ad96747-e674-43eb-8652-47a76a67723b"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-2d8066ff-06f9-45cb-b20c-ed0ccedf65aa"

.\debug.cpp(400) : Destination "\Device\HostProcess-2d8066ff-06f9-45cb-b20c-ed0ccedf65aa"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MICROSD&REV_1.00#8&35CCDA1&0&20060413092100000&4##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"

.\debug.cpp(400) : Destination "\Device\0000007b"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic-&Prod_xD-Picture&Rev_1.00#8&35ccda1&0&20060413092100000&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"

.\debug.cpp(400) : Destination "\Device\Mup"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"

.\debug.cpp(400) : Destination "\Device\Tcp"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilRebootDrv"

.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11010"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"

.\debug.cpp(400) : Destination "\Device\SPDevice"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic-&Prod_SD#MMC&Rev_1.00#8&35ccda1&0&20060413092100000&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\00000072"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{aa903f1b-ff9a-11de-b344-806e6f6e6963}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume6"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{aa903f1a-ff9a-11de-b344-806e6f6e6963}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination "\Device\00000047"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"

.\debug.cpp(400) : Destination "\Device\Scsi\JRAID1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{aa903f1c-ff9a-11de-b344-806e6f6e6963}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume7"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"

.\debug.cpp(400) : Destination "\Device\WANARP"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"

.\debug.cpp(400) : Destination "\DosDevices\LPT1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B34&SUBSYS_03891025&REV_06#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\0000003d"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"

.\debug.cpp(400) : Destination "\Device\00000043"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\H:"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume7"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{aa903f1d-ff9a-11de-b344-806e6f6e6963}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume8"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B64&SUBSYS_03891025&REV_06#3&11583659&0&B0#{e2d1ff34-3458-49a9-88da-8e6915ce9be5}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\INTELPRO_{9FC86478-3A3B-4C00-A238-A6CB99DB9EDE}"

.\debug.cpp(400) : Destination "\Device\INTELPRO_{9FC86478-3A3B-4C00-A238-A6CB99DB9EDE}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"

.\debug.cpp(400) : Destination "\Device\00000047"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10250389&REV_1002#4&18280ae0&0&0201#{86841137-ed8e-4d97-9975-f2ed56b4430e}"

.\debug.cpp(400) : Destination "\Device\00000067"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"

.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVENG"

.\debug.cpp(400) : Destination "\Device\NAVENG"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv"

.\debug.cpp(400) : Destination "\Device\EraserCtrlDrv"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\00000047"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination "\Device\00000045"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMRDR"

.\debug.cpp(400) : Destination "\Device\SYMRDR"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0BDA&PID_0182&MI_01#8&1b2059e6&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination "\Device\00000075"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"

.\debug.cpp(400) : Destination "\Device\MountPointManager"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1dadec05&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination "\Device\USBPDO-1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0BDA&PID_0182#20060413092100000#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination "\Device\USBPDO-4"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-1b9e4871-09ed-11e0-8e68-90fba62fd611"

.\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-1b9e4871-09ed-11e0-8e68-90fba62fd611"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E301A52-AFFA-4F49-B9CA-C79096A1A056}"

.\debug.cpp(400) : Destination "\Device\NDMP9"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I:"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume8"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{21ac42e0-ff9c-11de-95f3-806e6f6e6963}"

.\debug.cpp(400) : Destination "\Device\CdRom0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"

.\debug.cpp(400) : Destination "\Device\WMIAdminDevice"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000001"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\0000003e"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"

.\debug.cpp(400) : Destination "\Device\00000042"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{21ac42d0-ff9c-11de-95f3-806e6f6e6963}#0000000346500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000002"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"

.\debug.cpp(400) : Destination "\Device\0000003f"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"

.\debug.cpp(400) : Destination "\Device\00000040"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0461&PID_4D64#6&248bc58&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination "\Device\USBPDO-5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"

.\debug.cpp(400) : Destination "\GLOBAL??"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&WpdBusEnumRoot#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"

.\debug.cpp(400) : Destination "\Device\00000079"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVEX15"

.\debug.cpp(400) : Destination "\Device\NAVEX15"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic-&Prod_Compact_Flash&Rev_1.00#8&35ccda1&0&20060413092100000&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"

.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"

.\debug.cpp(400) : Destination "\Device\Video2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"

.\debug.cpp(400) : Destination "\clfs"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_XD-PICTURE&REV_1.00#8&35CCDA1&0&20060413092100000&1##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"

.\debug.cpp(400) : Destination "\Device\0000007e"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"

.\debug.cpp(400) : Destination "\Device\00000049"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"

.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk4Partition1"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume7"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&e605fc2&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination "\Device\0000005d"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_XD-PICTURE&REV_1.00#8&35CCDA1&0&20060413092100000&1##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"

.\debug.cpp(400) : Destination "\Device\0000007e"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic-&Prod_Compact_Flash&Rev_1.00#8&35ccda1&0&20060413092100000&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\00000070"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSPX"

.\debug.cpp(400) : Destination "\Device\SRTSPX"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"

.\debug.cpp(400) : Destination "\Device\00000052"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"

.\debug.cpp(400) : Destination "\Device\VolMgrControl"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"

.\debug.cpp(400) : Destination "\Device\NDMP6"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk1Partition1"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0613&SUBSYS_C8793842&REV_A2#4&27e14b4e&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"

.\debug.cpp(400) : Destination "\Device\MailSlot"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"

.\debug.cpp(400) : Destination "\Device\VolMgrControl"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\0000004a"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"

.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"

.\debug.cpp(400) : Destination "\Device\WANARPV6"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NvAdminDevice"

.\debug.cpp(400) : Destination "\Device\NvAdminDevice"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000042"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_8087&PID_0020#5&1e39c4f1&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination "\Device\USBPDO-2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-d08273ee-b5b8-4d4f-a436-887d612b63e0"

.\debug.cpp(400) : Destination "\Device\HostProcess-d08273ee-b5b8-4d4f-a436-887d612b63e0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-1b9e4868-09ed-11e0-8e68-90fba62fd611"

.\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-1b9e4868-09ed-11e0-8e68-90fba62fd611"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymTDI"

.\debug.cpp(400) : Destination "\Device\SymTDI"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMEFA"

.\debug.cpp(400) : Destination "\Device\SYMEFA"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"

.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"

.\debug.cpp(400) : Destination "\Device\FsWrap"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"

.\debug.cpp(400) : Destination "\Device\00000001"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{802389A0-9C1A-4C28-9099-BC7F2A90C31A}"

.\debug.cpp(400) : Destination "\Device\NDMP4"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7EB21DD2-2FF2-4C5A-8037-2D241FBB46C6}"

.\debug.cpp(400) : Destination "\Device\NDMP2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#8&35CCDA1&0&20060413092100000&0##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"

.\debug.cpp(400) : Destination "\Device\0000007a"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#8&35CCDA1&0&20060413092100000&2##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"

.\debug.cpp(400) : Destination "\Device\0000007d"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"

.\debug.cpp(400) : Destination "\Device\Nsi"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"

.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B3C&SUBSYS_03891025&REV_06#3&11583659&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination "\Device\00000047"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination "\Device\00000047"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume4"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-1b9e486d-09ed-11e0-8e68-90fba62fd611"

.\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-1b9e486d-09ed-11e0-8e68-90fba62fd611"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymIDSCo"

.\debug.cpp(400) : Destination "\Device\SymIDSCo"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic-&Prod_MicroSD&Rev_1.00#8&35ccda1&0&20060413092100000&4#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume8"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"

.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy4"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_37_-_Intel®_Core_i3_CPU_________530__@_2.93GHz#_3#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"

.\debug.cpp(400) : Destination "\Device\0000004e"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3044&SUBSYS_80101025&REV_C0#4&22c27510&0&30F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume5"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"

.\debug.cpp(400) : Destination "\Device\Secdrv"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"

.\debug.cpp(400) : Destination "\Device\00000048"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO#HG&REV_1.00#8&35CCDA1&0&20060413092100000&3##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"

.\debug.cpp(400) : Destination "\Device\0000007c"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{21ac42d0-ff9c-11de-95f3-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{aa903f19-ff9a-11de-b344-806e6f6e6963}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"

.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_37_-_Intel®_Core_i3_CPU_________530__@_2.93GHz#_4#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"

.\debug.cpp(400) : Destination "\Device\0000004f"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume6"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume6"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"

.\debug.cpp(400) : Destination "\Device\NXTIPSEC"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6"

.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy6"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6B7FCF1F-E08B-4555-A9C4-1BCB278ADE46}"

.\debug.cpp(400) : Destination "\Device\NDMP1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DF4A9D2C-8742-4EB1-8703-D395C4183F33}"

.\debug.cpp(400) : Destination "\Device\NDMP10"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_37_-_Intel®_Core_i3_CPU_________530__@_2.93GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"

.\debug.cpp(400) : Destination "\Device\0000004d"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"

.\debug.cpp(400) : Destination "\Device\Video3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume7"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume7"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"

.\debug.cpp(400) : Destination "\Device\SstpDrv"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#8&35CCDA1&0&20060413092100000&2##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"

.\debug.cpp(400) : Destination "\Device\0000007d"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"

.\debug.cpp(400) : Destination "\Device\TeredoTun"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic-&Prod_MS#MS-Pro#HG&Rev_1.00#8&35ccda1&0&20060413092100000&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\00000073"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic-&Prod_MS#MS-Pro#HG&Rev_1.00#8&35ccda1&0&20060413092100000&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume7"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10250389&REV_1002#4&18280ae0&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\00000067"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"

.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7"

.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy7"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270}"

.\debug.cpp(400) : Destination "\Device\NDMP11"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume8"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume8"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"

.\debug.cpp(400) : Destination "\Device\WFP"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GH41N___________________MN01____#4&36e7c153&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8"

.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy8"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"

.\debug.cpp(400) : Destination "\Device\00000041"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000043"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"

.\debug.cpp(400) : Destination "\Device\ProcessManagement"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"

.\debug.cpp(400) : Destination "\Device\WfpAle"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"

.\debug.cpp(400) : Destination "\Device\MPS"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#8&35CCDA1&0&20060413092100000&0##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"

.\debug.cpp(400) : Destination "\Device\0000007a"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"

.\debug.cpp(400) : Destination "\Device\Ndis"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD10EADS-22M2B0_____________________01.00A01#4&36e7c153&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic-&Prod_MicroSD&Rev_1.00#8&35ccda1&0&20060413092100000&4#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\00000074"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{aa903f00-ff9a-11de-b344-806e6f6e6963}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"

.\debug.cpp(400) : Destination "\Device\PartmgrControl"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"

.\debug.cpp(400) : Destination "\Device\1394BUS0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\0000003f"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BASHDRVCHANNEL"

.\debug.cpp(400) : Destination "\Device\BBDrvDevice"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"

.\debug.cpp(400) : Destination ""

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{aa903f01-ff9a-11de-b344-806e6f6e6963}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"

.\debug.cpp(400) : Destination "\Device\NamedPipe"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymEvent"

.\debug.cpp(400) : Destination "\Device\SymEvent"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"

.\debug.cpp(400) : Destination "\Device\0000003d"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk5Partition1"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume8"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"

.\debug.cpp(400) : Destination "\Device\00000054"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"

.\debug.cpp(400) : Destination "\DosDevices\COM1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"

.\debug.cpp(400) : Destination "\Device\NDMP8"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000047"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_37_-_Intel®_Core_i3_CPU_________530__@_2.93GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"

.\debug.cpp(400) : Destination "\Device\0000004c"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10250389&REV_1002#4&18280ae0&0&0201#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\00000067"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"

.\debug.cpp(400) : Destination "\Device\Null"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk3Partition1"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume6"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9FC86478-3A3B-4C00-A238-A6CB99DB9EDE}"

.\debug.cpp(400) : Destination "\Device\NDMP3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSP"

.\debug.cpp(400) : Destination "\Device\SRTSP"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{21ac42d0-ff9c-11de-95f3-806e6f6e6963}#0000000340100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000044"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10250389&REV_1002#4&18280ae0&0&0201#{dda54a40-1e4c-11d1-a050-405705c10000}"

.\debug.cpp(400) : Destination "\Device\00000067"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"

.\debug.cpp(400) : Destination "\Device\NdisWan"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"

.\debug.cpp(400) : Destination "\Device\USBFDO-0"

.\debug.cpp(409) : --

.\debug.cpp(453) : **********************************************

.\boot_cleaner.cpp(565) : System volume is \\.\C:

.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`46500000

.\boot_cleaner.cpp(793) : Restoring boot code at \\.\PhysicalDrive0...

.\diskio.cpp(260) : ATA_Write(): DeviceIoControl() ERROR 1

.\boot_cleaner.cpp(901) : ERROR: Can't write first sector of the disk.

.\boot_cleaner.cpp(1151) : Done;

Link to post
Share on other sites
Leniadlapa

Leniadlapa

Posted
  • Author
Posted

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Gateway

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: Gateway

System Product Name: DX4831

Logical Drives Mask: 0x000001fc

Kernel Drivers (total 196):

0x02E0D000 \SystemRoot\system32\ntoskrnl.exe

0x033E9000 \SystemRoot\system32\hal.dll

0x00BAE000 \SystemRoot\system32\kdcom.dll

0x00C78000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00CBC000 \SystemRoot\system32\PSHED.dll

0x00CD0000 \SystemRoot\system32\CLFS.SYS

0x00D2E000 \SystemRoot\system32\CI.dll

0x00E1C000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00EC0000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00ECF000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00F26000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x00F2F000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00F39000 \SystemRoot\system32\DRIVERS\pci.sys

0x00F6C000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00F79000 \SystemRoot\System32\drivers\partmgr.sys

0x00F8E000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00FA3000 \SystemRoot\System32\drivers\volmgrx.sys

0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys

0x0103E000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x0115A000 \SystemRoot\system32\DRIVERS\atapi.sys

0x01163000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x0118D000 \SystemRoot\system32\DRIVERS\msahci.sys

0x01198000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x011A8000 \SystemRoot\system32\DRIVERS\jraid.sys

0x011C6000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x011F5000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys

0x01000000 \SystemRoot\system32\drivers\fileinfo.sys

0x012D6000 \SystemRoot\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS

0x0133D000 \SystemRoot\System32\Drivers\PxHlpa64.sys

0x01406000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01349000 \SystemRoot\System32\Drivers\msrpc.sys

0x015A9000 \SystemRoot\System32\Drivers\ksecdd.sys

0x01200000 \SystemRoot\System32\Drivers\cng.sys

0x015C3000 \SystemRoot\System32\drivers\pcw.sys

0x015D4000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x016DF000 \SystemRoot\system32\drivers\ndis.sys

0x01600000 \SystemRoot\system32\drivers\NETIO.SYS

0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01802000 \SystemRoot\System32\drivers\tcpip.sys

0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01273000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x016D5000 \SystemRoot\System32\Drivers\spldr.sys

0x013A7000 \SystemRoot\System32\drivers\rdyboost.sys

0x017D1000 \SystemRoot\System32\Drivers\mup.sys

0x017E3000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01A1E000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01A58000 \SystemRoot\system32\DRIVERS\disk.sys

0x01A6E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x01014000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x01BDB000 \SystemRoot\System32\Drivers\Null.SYS

0x01BE4000 \SystemRoot\System32\Drivers\Beep.SYS

0x01BEB000 \SystemRoot\System32\drivers\vga.sys

0x00C4C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x01A00000 \SystemRoot\System32\drivers\watchdog.sys

0x01A10000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x017EC000 \SystemRoot\system32\drivers\rdpencdd.sys

0x017F5000 \SystemRoot\system32\drivers\rdprefmp.sys

0x015DE000 \SystemRoot\System32\Drivers\Msfs.SYS

0x015E9000 \SystemRoot\System32\Drivers\Npfs.SYS

0x013E1000 \SystemRoot\system32\DRIVERS\tdx.sys

0x012BF000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x02E5B000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMTDI.SYS

0x02EA7000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

0x02EDD000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS

0x02EED000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMFW.SYS

0x02F0F000 \SystemRoot\system32\drivers\afd.sys

0x02F99000 \SystemRoot\System32\DRIVERS\netbt.sys

0x02FDE000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x02E00000 \SystemRoot\system32\DRIVERS\pacer.sys

0x02E26000 \SystemRoot\system32\DRIVERS\SymIMv.sys

0x02E31000 \SystemRoot\system32\DRIVERS\netbios.sys

0x02E40000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x02FE7000 \SystemRoot\system32\DRIVERS\termdd.sys

0x04062000 \SystemRoot\system32\drivers\NISx64\1008000.029\SRTSPX64.SYS

0x04076000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x040C7000 \SystemRoot\system32\drivers\nsiproxy.sys

0x040D3000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x04159000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

0x041CF000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0x04000000 \SystemRoot\System32\drivers\discache.sys

0x0400F000 \SystemRoot\System32\Drivers\dfsc.sys

0x0426C000 \SystemRoot\System32\Drivers\NISx64\1008000.029\ccHPx64.sys

0x042FF000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x04310000 \SystemRoot\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys

0x04367000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x0438D000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x10065000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x10CF7000 \SystemRoot\system32\DRIVERS\nvBridge.kmd

0x10CF9000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x10000000 \SystemRoot\System32\drivers\dxgmms1.sys

0x10046000 \SystemRoot\system32\DRIVERS\HECIx64.sys

0x043A3000 \SystemRoot\system32\DRIVERS\e1k62x64.sys

0x10DED000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x04200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x0402D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x044BB000 \SystemRoot\system32\DRIVERS\1394ohci.sys

0x044F9000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x04517000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x04526000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x0452F000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x0453F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x04555000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x04579000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x04585000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x045B4000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x045CF000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x04400000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x0441A000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x04429000 \SystemRoot\system32\DRIVERS\swenum.sys

0x0442B000 \SystemRoot\system32\DRIVERS\ks.sys

0x0446E000 \SystemRoot\system32\DRIVERS\umbus.sys

0x04E7E000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x04ED8000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x05010000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x04EED000 \SystemRoot\system32\drivers\portcls.sys

0x04F2A000 \SystemRoot\system32\drivers\drmk.sys

0x05000000 \SystemRoot\system32\drivers\ksthunk.sys

0x04F4C000 \SystemRoot\System32\Drivers\crashdmp.sys

0x01A9E000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x04F5A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x04F6D000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x05006000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x04F8A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x04FA5000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x04FB3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x04FCC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x04FD5000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x00000000 \SystemRoot\System32\win32k.sys

0x04FE2000 \SystemRoot\System32\drivers\Dxapi.sys

0x04FEE000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00430000 \SystemRoot\System32\TSDDD.dll

0x00790000 \SystemRoot\System32\cdd.dll

0x00840000 \SystemRoot\System32\ATMFD.DLL

0x04E00000 \SystemRoot\system32\drivers\luafv.sys

0x04E23000 \SystemRoot\system32\drivers\WudfPf.sys

0x04E44000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x04E59000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x0541B000 \SystemRoot\system32\drivers\HTTP.sys

0x054E3000 \SystemRoot\system32\DRIVERS\bowser.sys

0x05501000 \SystemRoot\System32\drivers\mpsdrv.sys

0x05519000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x05546000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x05594000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x05817000 \SystemRoot\system32\drivers\peauth.sys

0x058BD000 \SystemRoot\System32\Drivers\secdrv.SYS

0x058C8000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x058F5000 \SystemRoot\System32\drivers\tcpipreg.sys

0x05907000 \SystemRoot\System32\DRIVERS\srv2.sys

0x05ED7000 \SystemRoot\System32\DRIVERS\srv.sys

0x05F6D000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x05E00000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SRTSP64.SYS

0x0596E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101217.001\IDSvia64.sys

0x05E7E000 \SystemRoot\system32\DRIVERS\udfs.sys

0x0661F000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101221.020\EX64.SYS

0x067D9000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101221.020\ENG64.SYS

0x778B0000 \Windows\System32\ntdll.dll

0x47670000 \Windows\System32\smss.exe

0xFFBD0000 \Windows\System32\apisetschema.dll

0xFF8A0000 \Windows\System32\autochk.exe

0xFF9B0000 \Windows\System32\ole32.dll

0xFF980000 \Windows\System32\imm32.dll

0xFF900000 \Windows\System32\difxapi.dll

0xFF720000 \Windows\System32\setupapi.dll

0xFF6A0000 \Windows\System32\shlwapi.dll

0xFF440000 \Windows\System32\iertutil.dll

0xFF3A0000 \Windows\System32\clbcatq.dll

0xFF390000 \Windows\System32\nsi.dll

0xFF260000 \Windows\System32\rpcrt4.dll

0xFF130000 \Windows\System32\wininet.dll

0x77A80000 \Windows\System32\normaliz.dll

0xFF020000 \Windows\System32\msctf.dll

0xFEEA0000 \Windows\System32\urlmon.dll

0xFEDC0000 \Windows\System32\advapi32.dll

0xFED50000 \Windows\System32\gdi32.dll

0xFECB0000 \Windows\System32\msvcrt.dll

0x777B0000 \Windows\System32\user32.dll

0xFEC60000 \Windows\System32\Wldap32.dll

0xFEC50000 \Windows\System32\lpk.dll

0xFEC30000 \Windows\System32\imagehlp.dll

0xFEB90000 \Windows\System32\comdlg32.dll

0xFDE00000 \Windows\System32\shell32.dll

0x77A70000 \Windows\System32\psapi.dll

0xFDD20000 \Windows\System32\oleaut32.dll

0x77690000 \Windows\System32\kernel32.dll

0xFDC50000 \Windows\System32\usp10.dll

0xFDC30000 \Windows\System32\sechost.dll

0xFDBE0000 \Windows\System32\ws2_32.dll

0xFDB40000 \Windows\System32\comctl32.dll

0xFDB00000 \Windows\System32\wintrust.dll

0xFDAE0000 \Windows\System32\devobj.dll

0xFD970000 \Windows\System32\crypt32.dll

0xFD930000 \Windows\System32\cfgmgr32.dll

0xFD8C0000 \Windows\System32\KernelBase.dll

0xFD8B0000 \Windows\System32\msasn1.dll

0x75E20000 \Windows\SysWOW64\normaliz.dll

Processes (total 55):

0 System Idle Process

4 System

328 C:\Windows\System32\smss.exe

456 csrss.exe

516 C:\Windows\System32\wininit.exe

532 csrss.exe

584 C:\Windows\System32\services.exe

600 C:\Windows\System32\lsass.exe

608 C:\Windows\System32\lsm.exe

700 C:\Windows\System32\winlogon.exe

800 C:\Windows\System32\svchost.exe

868 C:\Windows\System32\nvvsvc.exe

920 C:\Windows\System32\svchost.exe

124 C:\Windows\System32\svchost.exe

364 C:\Windows\System32\svchost.exe

544 C:\Windows\System32\svchost.exe

1036 C:\Windows\System32\svchost.exe

1060 C:\Windows\System32\nvvsvc.exe

1188 C:\Windows\System32\svchost.exe

1384 C:\Windows\System32\spoolsv.exe

1420 C:\Windows\System32\svchost.exe

1536 C:\Windows\System32\svchost.exe

1592 C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

1672 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

1716 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

1792 C:\Windows\System32\svchost.exe

1856 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

2024 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

1152 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

2104 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2404 C:\Windows\System32\svchost.exe

2440 WUDFHost.exe

2300 C:\Windows\System32\taskhost.exe

1508 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

2864 C:\Windows\System32\dwm.exe

3020 C:\Windows\explorer.exe

3544 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

3556 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

3584 C:\Program Files (x86)\Glary Utilities\memdefrag.exe

3856 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

3864 C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe

3880 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

3948 C:\Windows\System32\SearchIndexer.exe

3500 C:\Program Files\Windows Media Player\wmpnetwk.exe

3260 C:\Windows\System32\svchost.exe

4032 dllhost.exe

1380 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

4276 C:\Windows\System32\taskhost.exe

4884 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

912 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

3288 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

4892 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

1920 C:\Windows\System32\audiodg.exe

3248 C:\Users\Daniel\Desktop\MBRCheck.exe

5116 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`46500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD10EADS-22M2B0, Rev: 01.00A01

Size Device Name MBR Status

--------------------------------------------

931 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

  1. Run MBRCheck.exe
  2. Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  3. Please push the 'Y' key and then press Enter
  4. When program ask you Enter your choice: enter 2 and press the Enter key
    [*d-Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):AIgAN-
  5. Enter 0 and press the Enter key.A0-
  6. The program will show Available MBR codes:, followed by a list of operating systems. Please enter the number for Windows 7, and then press Enter.
  7. The program will prompt for confirmation. Type 'YES' and hit Enter.
  8. Left click on the title bar (where program name and path is written).
  9. From menu chose Edit => Select All
  10. Hit the Enter key on your keyboard to copy selected text.
  11. Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"
  12. Restart your PC.
  13. Post the text in "MBRCheck results.txt" here, please.

Link to post
Share on other sites
Leniadlapa

Leniadlapa

Posted
  • Author
Posted

After restarting I was able to open up the non-Safe Mode version of Firefox straight from my desktop ( something I had not been able to do as long as I have had this current Malware problem ), but I still am receiving blocked intrusion notifications. Here is the copy-pasted file:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Gateway

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: Gateway

System Product Name: DX4831

Logical Drives Mask: 0x000001fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`46500000 (NTFS)

Size Device Name MBR Status

--------------------------------------------

931 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0

Available MBR codes:

[ 0] Default (Windows 7)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive: 5

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes

Successfully wrote new MBR code!

Please reboot your computer to complete the fix.

Done!

Press ENTER to exit...

Link to post
Share on other sites
Leniadlapa

Leniadlapa

Posted
  • Author
Posted

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Gateway

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: Gateway

System Product Name: DX4831

Logical Drives Mask: 0x000001fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`46500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD10EADS-22M2B0, Rev: 01.00A01

Size Device Name MBR Status

--------------------------------------------

931 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:

[ 0] Default (Windows 7)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive: 0

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes

Successfully wrote new MBR code!

Please reboot your computer to complete the fix.

Done!

Link to post
Share on other sites
Leniadlapa

Leniadlapa

Posted
  • Author
Posted

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Gateway

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: Gateway

System Product Name: DX4831

Logical Drives Mask: 0x000001fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`46500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD10EADS-22M2B0, Rev: 01.00A01

Size Device Name MBR Status

--------------------------------------------

931 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:

[ 0] Default (Windows 7)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive: 5

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes

Successfully wrote new MBR code!

Please reboot your computer to complete the fix.

Done!

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Glad we could help. :huh:

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.