Only browser that can access internet is IE


11 replies to this topic

#1 KamiKara

Posted 15 May 2012 - 08:19 AM

Hello, I'm new to this forum so please bear with me :)
So this is the problem that I am having: whenever my PC starts, Internet Explorer starts with it (never done that, never changed any settings, it just started doing it today), and IE is the only browser that can connect to the internet. I realised this when I tried to go on Facebook this afternoon with Chrome, but it came up with the "aw snap something went wrong" message, so I decided to go for Firefox for a bit, but the same kind of thing happened: Firefox couldn't connect to any websites either. On the other hand, I tried to search what had happened with IE, and it had no problems accessing the internet whatsoever, so it seemed weird. After reading some questions and answers from others on the internet, I started to get a little worried, as just before the problem occurred, I used a web-based program that told me it gave free Facebook likes (yes, I know this is stupid, but it did seem harmless, so I decided to give it a try after reading some comments) and surprisingly, it did not work, and that was just a few minutes before the problem occurred. Anyhow, I've done some scans with Ad-Aware and Malwarebytes, both quick scans, but both told me that no threats were found.
Some additional info:
Internet Explorer just pops up randomly.
All non-browser-based apps I have work, including cmd, games, etc.
Chrome and Firefox get closed without me doing anything.
The computer cannot complete a system restore.
I have re-installed both Firefox and Chrome, but that didn't help.
Windows Defender was turned off for no apparent reason; I did not do it, but now it's back on.
My current antivirus is Symantec. I've done a quick scan with that as well, but no luck.
Could not get into Safe Mode with F8; I had to use msconfig to start the computer in Safe Mode.
I will do a full scan with Malwarebytes tomorrow when I get back, so any advice/opinions would be greatly appreciated. :)
PS. Should I not use the PC before I know what is going on?
Edit: I'm using Windows Vista Home Premium 32-bit

Edited by KamiKara, 15 May 2012 - 08:20 AM.



 


#2 Broni

Posted 15 May 2012 - 08:20 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif
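The MiniToolBox items requested in the post above (IE proxy settings, hosts content, Winsock entries) can be triaged mechanically once the report is pasted. The following is an added example, not part of the thread and not code from the tool's author; the sample report is constructed, and its host names, file paths and the "Proxy is enabled." wording are assumptions.

```python
import ipaddress
import re

# Constructed sample laid out like a MiniToolBox report (section banners, then lines).
# Hosts, paths and the "Proxy is enabled." wording are assumptions for this example.
SAMPLE_REPORT = r"""========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:8080;https=proxy.corp.example:3128

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 activate.vendor.example
203.0.113.7 www.bank.example

There are 2 more lines starting with "127.0.0.1"

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog9 01 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\ProgramData\helper\lsp32.dll [40960] ()
"""

BANNER = re.compile(r"^=+\s+([A-Za-z][^=]*?):?\s+=+$")
WINSOCK = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")
SYSTEM32 = re.compile(r"^[A-Za-z]:\\Windows\\system32\\[^\\]+$", re.IGNORECASE)


def split_sections(report):
    """Map lower-cased section title -> non-empty lines found under that banner."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            current = banner.group(1).strip().lower()
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections


def _is_local(host):
    """True for targets on this machine: localhost, loopback or unspecified address."""
    if host.lower() == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def check_proxy(lines):
    """Classify each configured proxy endpoint as loopback, remote or stale (disabled)."""
    enabled = not any(l.lower().startswith("proxy is not enabled") for l in lines)
    findings = []
    for l in lines:
        if not l.lower().startswith("proxyserver:"):
            continue
        for entry in l.split(":", 1)[1].split(";"):
            endpoint = entry.split("=", 1)[-1].strip()  # drop an "http=" style prefix
            if not endpoint:
                continue
            host = endpoint.rsplit(":", 1)[0]
            if not enabled:
                findings.append(("proxy-stale", endpoint))
            elif _is_local(host):
                findings.append(("proxy-loopback", endpoint))
            else:
                findings.append(("proxy-remote", endpoint))
    return findings


def check_hosts(lines):
    """Separate names sunk to the local machine (blocks) from names sent elsewhere."""
    findings = []
    for l in lines:
        fields = l.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a hosts entry, e.g. the "There are N more lines" summary
        local = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            if name.lower() != "localhost":
                findings.append(("hosts-block" if local else "hosts-redirect",
                                 f"{name} -> {addr}"))
    return findings


def check_winsock(lines):
    """List catalog entries that are not a Microsoft-labelled DLL in system32.
    The vendor text is file metadata, so a match is a reason to look, not a verdict."""
    findings = []
    for l in lines:
        m = WINSOCK.match(l)
        if m and (m.group(5) != "Microsoft Corporation" or not SYSTEM32.match(m.group(3))):
            findings.append(("winsock-review", f"{m.group(1)} {m.group(2)} {m.group(3)}"))
    return findings


def triage(report):
    s = split_sections(report)
    return (check_proxy(s.get("ie proxy settings", []))
            + check_hosts(s.get("hosts content", []))
            + check_winsock(s.get("winsock entries", [])))


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_REPORT):
        print(f"{kind:16} {detail}")
```

A `proxy-stale` result means a proxy address is stored but the report says the proxy is not enabled; `hosts-block` entries sink a name to the local machine, while `hosts-redirect` entries send it to another address and deserve the closest look.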


 


#3 KamiKara

Posted 16 May 2012 - 05:02 AM

Hello Broni, thank you for the prompt reply, here are my results:
Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java™ 6 Update 31
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSASCui.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbam.exe
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
Symantec AntiVirus VPTray.exe
Windows Defender MSASCui.exe
``````````End of Log````````````

Farbar Service Scanner Version: 11-05-2012
Ran by Liyhs (administrator) on 16-05-2012 at 17:06:33
Running from "F:\"
Microsoft? Windows Vista? Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 21:34] - [2012-03-30 22:09] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox by Farbar Version: 18-01-2012
Ran by Liyhs (administrator) on 16-05-2012 at 17:11:59
Microsoft? Windows Vista? Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: www-proxy.adelaide.edu.au:8080

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
127.0.0.1 ood.opsource.net
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com

There are 28 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection 2 (Disconnected)
Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Liyhs-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-21-9B-01-04-66
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 2012年5月16日 16:53:17
Lease Expires . . . . . . . . . . : 2012年5月17日 16:53:17
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{BEEBCC00-B947-4684-A542-4A525862700B}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 28:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 21:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #9
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: RTA1320.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.237.5
74.125.237.2
74.125.237.9
74.125.237.8
74.125.237.1
74.125.237.4
74.125.237.0
74.125.237.6
74.125.237.14
74.125.237.3
74.125.237.7



Pinging google.com [74.125.237.5] with 32 bytes of data:

Reply from 74.125.237.5: bytes=32 time=38ms TTL=57

Reply from 74.125.237.5: bytes=32 time=38ms TTL=57



Ping statistics for 74.125.237.5:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 38ms, Maximum = 38ms, Average = 38ms

Server: RTA1320.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=269ms TTL=50

Reply from 209.191.122.70: bytes=32 time=269ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 269ms, Maximum = 269ms, Average = 269ms

Server: RTA1320.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Reply from 127.0.0.1: bytes=32 time=1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 1ms, Average = 1ms

===========================================================================
Interface List
11 ...00 21 9b 01 04 66 ...... Intel® 82562V-2 10/100 Network Connection
1 ........................... Software Loopback Interface 1
17 ...00 00 00 00 00 00 00 e0 isatap.{BEEBCC00-B947-4684-A542-4A525862700B}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
29 ...00 00 00 00 00 00 00 e0 isatap.home
12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
13 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
14 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
15 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
16 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
18 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
31 ...00 00 00 00 00 00 00 e0 isatap.home
19 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #6
20 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
21 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #8
22 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #9
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 276
192.168.1.3 255.255.255.255 On-link 192.168.1.3 276
192.168.1.255 255.255.255.255 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/16/2012 04:52:22 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {e681b871-3680-4027-885c-c6453d3f14bf}

Error: (05/16/2012 04:27:26 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {61306d57-e746-499c-bc0e-05abd107d523}

Error: (05/16/2012 04:13:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2012 07:09:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2012 10:28:02 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/15/2012 10:04:46 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.ADH in File: C:\Users\Liyhs\AppData\Roaming\PPLiveVA\PPVAUpdate\PPVAUpdate.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error: (05/15/2012 10:03:48 PM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan.ADH in File: C:\Users\Liyhs\AppData\Roaming\PPLiveVA\PPVAUpdate\PPVAUpdate.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error: (05/15/2012 10:03:48 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.ADH in File: C:\Users\Liyhs\AppData\Roaming\PPLiveVA\PPVAUpdate\PPVAUpdate.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error: (05/15/2012 09:59:09 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Installed WARonline). Additional information: .

Error: (05/15/2012 09:53:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/16/2012 04:13:56 PM) (Source: Service Control Manager) (User: )
Description: SBRE

Error: (05/16/2012 07:09:11 AM) (Source: Service Control Manager) (User: )
Description: SBRE

Error: (05/15/2012 09:53:46 PM) (Source: Service Control Manager) (User: )
Description: SBRE

Error: (05/15/2012 09:23:45 PM) (Source: Service Control Manager) (User: )
Description: Apple Mobile Device%%1053

Error: (05/15/2012 09:23:45 PM) (Source: Service Control Manager) (User: )
Description: 30000Apple Mobile Device

Error: (05/15/2012 08:26:17 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (05/15/2012 08:26:15 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/15/2012 08:26:14 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/15/2012 08:25:59 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (05/15/2012 08:25:59 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068


Microsoft Office Sessions:
=========================
Error: (09/03/2011 06:49:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/12/2011 03:48:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/25/2011 06:49:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/19/2011 10:01:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/12/2011 05:25:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/12/2011 07:57:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/24/2011 04:27:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/01/2010 03:27:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/15/2010 05:32:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/24/2008 07:10:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 28684 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Ad-Aware Browsing Protection (Version: 0.9.0.2)
Adobe AIR (Version: 3.1.0.4880)
Adobe Community Help (Version: 3.4.980)
Adobe Content Viewer (Version: 1.4.0)
Adobe Creative Suite 5.5 Master Collection (Version: 5.5)
Adobe Download Assistant (Version: 1.0.6)
Adobe Flash Player 10 ActiveX (Version: 10.2.153.1)
Adobe Flash Player 10 Plugin (Version: 10.2.153.1)
Adobe Widget Browser (Version: 2.0 Build 230)
Adobe Widget Browser (Version: 2.0.230)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Ares 1.0.0.0
Ares Manual Patch (Version: 1.0.0.51)
CameraHelperMsi (Version: 13.30.1395.0)
Canon RAW Image Task for ZoomBrowser EX (Version: 3.3.0.5)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Digital Photo Professional 3.4 (Version: 3.4.0.0)
Canon Utilities EOS Utility (Version: 2.4.0.1)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities Original Data Security Tools (Version: 1.4.0.1)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities Picture Style Editor (Version: 1.3.0.0)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities WFT-E1/E2/E3 Utility (Version: 3.2.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
Charles 3.6.4 (Version: 3.6.4.0)
Charles 3.6.5 (Version: 3.6.5.6)
Cheat Engine 6.0
ChessBase 11 (Version: 11.0.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
DAEMON Tools Lite (Version: 4.45.3.0297)
Double Desktop Switcher
e-tax 2010 (Version: 1.0.682)
e-tax 2011 (Version: 11.1.704)
EOS USB WIA Driver (Version: 6.0.1.5)
erLT (Version: 1.20.138.34)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
FallenGears (Version: 2.4.4.1)
Fiddler2 (Version: 2.3.7.4)
Flatcast Viewer Plugin 5.3.0.752
Fraps (remove only)
Google Chrome (Version: 18.0.1025.168)
Google Update Helper (Version: 1.3.21.111)
Google Updater (Version: 2.4.2432.1652)
HyperCam 2
IceChat 7.70 (Build 20101031) (Version: 7.70)
Invision (Version: 3.2)
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Logitech Webcam Software (Version: 2.30)
LWS Facebook (Version: 13.30.1346.0)
LWS Gallery (Version: 13.30.1379.0)
LWS Help_main (Version: 13.30.1396.0)
LWS Launcher (Version: 13.30.1379.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.30.1395.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.30.1379.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.30.1346.0)
Macromedia Extension Manager (Version: 1.7.240)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2003 Web Components (Version: 12.0.6213.1000)
Microsoft Office Access 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office IME (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office PowerPoint 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Word 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2008 R2 Native Client (Version: 10.50.1617.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.35191)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVCRT (Version: 14.0.1468.721)
Nero (Version: 5.5.9.13)
Pando Media Booster (Version: 2.6.0.1)
PDF Settings CS5 (Version: 10.0)
Quick Batch File Compiler 3.2.9.0 (Version: 3.2.9.0)
QuickTime (Version: 7.66.73.0)
Skype? 5.5 (Version: 5.5.124)
Sothink SWF Decompiler (Version: 4.5)
TeamSpeak 3 Client
TypingRobot V1.0 Demo
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Vegas Pro 9.0 (Version: 9.0.704)
Ventrilo Client (Version: 3.0.8)
WARonline (Version: 1.0.0)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Movie Maker 2.6 (Version: 2.6.4040.0)
Xfire (remove only)
Yahoo! Detect
ZEMAX
Zoiper (Version: 2.36)
μTorrent (Version: 2.2.0)

========================= Devices: ================================

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 3325.27 MB
Available physical RAM: 1687.24 MB
Total Pagefile: 6881.52 MB
Available Pagefile: 5216.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.11 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:281.45 GB) (Free:22.02 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.94 GB) NTFS
4 Drive f: () (Removable) (Total:3.73 GB) (Free:1.11 GB) FAT32
5 Drive g: (Liyh) (Fixed) (Total:174.25 GB) (Free:69.79 GB) NTFS

========================= Users: ========================================

User accounts for \\LIYHS-PC

Administrator Guest iTunes
Liyhs


**** End of log ****


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.15.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Liyhs :: LIYHS-PC [administrator]

Protection: Enabled

2012/5/16 18:52:24
mbam-log-2012-05-16 (18-52-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 68200
Time elapsed: 34 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 17:13:56
-----------------------------
17:13:56.254 OS Version: Windows 6.0.6002 Service Pack 2
17:13:56.254 Number of processors: 2 586 0x1706
17:13:56.254 ComputerName: LIYHS-PC UserName: Liyhs
17:15:45.268 Initialize success
17:15:45.315 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
17:18:07.736 AVAST engine defs: 12051501
17:18:22.447 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:18:22.447 Disk 0 Vendor: WDC_WD5000AAKS-75A7B0 01.03B01 Size: 476940MB BusType: 3
17:18:22.463 Disk 0 MBR read successfully
17:18:22.463 Disk 0 MBR scan
17:18:22.463 Disk 0 Windows VISTA default MBR code
17:18:22.478 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
17:18:22.494 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 129024
17:18:22.525 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 288206 MB offset 21100544
17:18:22.525 Disk 0 Partition - 00 0F Extended LBA 178429 MB offset 611348480
17:18:22.572 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 178428 MB offset 611350528
17:18:22.587 Disk 0 scanning sectors +976771072
17:18:22.712 Disk 0 scanning C:\Windows\system32\drivers
17:18:48.719 Service scanning
17:19:34.989 Modules scanning
17:19:51.697 Disk 0 trace - called modules:
17:19:51.728 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8553b1e8]<<
17:19:51.728 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86137368]
17:19:51.728 3 CLASSPNP.SYS[8bba78b3] -> nt!IofCallDriver -> [0x85ef18c8]
17:19:51.728 5 acpi.sys[807b46bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85eef8a0]
17:19:51.728 \Driver\atapi[0x85edf030] -> IRP_MJ_CREATE -> 0x8553b1e8
17:19:55.051 AVAST engine scan C:\Windows
17:20:02.819 AVAST engine scan C:\Windows\system32
17:37:51.223 AVAST engine scan C:\Windows\system32\drivers
17:38:59.880 AVAST engine scan C:\Users\Liyhs
17:42:23.119 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
17:42:23.119 The log file has been saved successfully to "F:\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 17:43:07
-----------------------------
17:43:07.645 OS Version: Windows 6.0.6002 Service Pack 2
17:43:07.645 Number of processors: 2 586 0x1706
17:43:07.645 ComputerName: LIYHS-PC UserName: Liyhs
17:43:11.327 Initialize success
17:43:33.995 AVAST engine defs: 12051501
17:44:23.041 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:44:23.041 Disk 0 Vendor: WDC_WD5000AAKS-75A7B0 01.03B01 Size: 476940MB BusType: 3
17:44:23.104 Disk 0 MBR read successfully
17:44:23.104 Disk 0 MBR scan
17:44:23.213 Disk 0 Windows VISTA default MBR code
17:44:23.244 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
17:44:23.291 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 129024
17:44:23.353 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 288206 MB offset 21100544
17:44:23.353 Disk 0 Partition - 00 0F Extended LBA 178429 MB offset 611348480
17:44:23.400 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 178428 MB offset 611350528
17:44:23.431 Disk 0 scanning sectors +976771072
17:44:23.603 Disk 0 scanning C:\Windows\system32\drivers
17:44:56.332 Service scanning
17:45:36.658 Modules scanning
17:46:15.502 Disk 0 trace - called modules:
17:46:15.517 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8553b1e8]<<
17:46:15.517 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86137368]
17:46:15.533 3 CLASSPNP.SYS[8bba78b3] -> nt!IofCallDriver -> [0x85ef18c8]
17:46:15.533 5 acpi.sys[807b46bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85eef8a0]
17:46:15.533 \Driver\atapi[0x85edf030] -> IRP_MJ_CREATE -> 0x8553b1e8
17:46:28.153 AVAST engine scan C:\Windows
17:46:45.501 AVAST engine scan C:\Windows\system32
17:58:50.630 AVAST engine scan C:\Windows\system32\drivers
17:59:40.831 AVAST engine scan C:\Users\Liyhs
19:31:30.765 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
19:31:30.774 The log file has been saved successfully to "F:\aswMBR.txt"

Also, the problem seemed to have fixed itself, I can now use my browsers, but I would like to know what the problem was and if I had fixed it without knowing or it's still here.
Thanks
Edit: This is happening again, Internet Explorer popped up on its own, I closed it and terminated its process tree, and now the same thing is happening, cannot use Chrome or Firefox

Edited by KamiKara, 16 May 2012 - 06:05 AM.


#4 Broni

Posted 16 May 2012 - 11:01 AM

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

=================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#5 KamiKara


Posted 17 May 2012 - 03:44 AM

.\debug.cpp(238) : Debug log started at 17.05.2012 - 07:09:11
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : © 2009 Esage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.1
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82a46000 0x003ba000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x82a13000 0x00033000 "\SystemRoot\system32\hal.dll"
.\debug.cpp(256) : 0x8040f000 0x00007000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x80416000 0x00070000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x80486000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x80497000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x8049f000 0x00041000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x804e0000 0x000e0000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8060c000 0x0007c000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x80688000 0x0000d000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x80695000 0x0011b000 "\SystemRoot\System32\Drivers\sptd.sys"
.\debug.cpp(256) : 0x807b0000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys"
.\debug.cpp(256) : 0x807f6000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x80600000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x805c0000 0x00027000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x805e7000 0x00010000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x80400000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0x8b400000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x8b44a000 0x00007000 "\SystemRoot\system32\DRIVERS\intelide.sys"
.\debug.cpp(256) : 0x8b451000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x8b45f000 0x00007000 "\SystemRoot\system32\drivers\pciide.sys"
.\debug.cpp(256) : 0x8b466000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8b476000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0x8b47e000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0x8b49c000 0x00032000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x8b4ce000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x8b4de000 0x00009000 "\SystemRoot\System32\Drivers\PxHelp20.sys"
.\debug.cpp(256) : 0x8b4e7000 0x00072000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8b605000 0x0010b000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8b710000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys"
.\debug.cpp(256) : 0x8b73b000 0x0003b000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8b800000 0x000ea000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8b8ea000 0x0001b000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8ba01000 0x00110000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x8bb11000 0x00039000 "\SystemRoot\system32\drivers\volsnap.sys"
.\debug.cpp(256) : 0x8bb4a000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8bb52000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8bb61000 0x00027000 "\SystemRoot\System32\drivers\ecache.sys"
.\debug.cpp(256) : 0x8bb88000 0x00011000 "\SystemRoot\system32\drivers\disk.sys"
.\debug.cpp(256) : 0x8bb99000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8bbba000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys"
.\debug.cpp(256) : 0x8bbe3000 0x0000b000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x8bbee000 0x00009000 "\SystemRoot\system32\DRIVERS\tunmp.sys"
.\debug.cpp(256) : 0x8b905000 0x0000f000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x90607000 0x0075e000 "\SystemRoot\system32\DRIVERS\atikmdag.sys"
.\debug.cpp(256) : 0x8b914000 0x000a0000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x90d65000 0x0000c000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x90d71000 0x0003b000 "\SystemRoot\system32\DRIVERS\e1e6032.sys"
.\debug.cpp(256) : 0x90dac000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0x90db7000 0x0003e000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x8b9b4000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x8b559000 0x0008d000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x8b776000 0x0004a000 "\SystemRoot\system32\DRIVERS\HSXHWBS2.sys"
.\debug.cpp(256) : 0x8b9c3000 0x0002a000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x90e0c000 0x00103000 "\SystemRoot\system32\DRIVERS\HSX_DPV.sys"
.\debug.cpp(256) : 0x90f0f000 0x000b4000 "\SystemRoot\system32\DRIVERS\HSX_CNXT.sys"
.\debug.cpp(256) : 0x90fc3000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys"
.\debug.cpp(256) : 0x90fd0000 0x0000b000 "\SystemRoot\system32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0x90fdb000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x90ff3000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x91004000 0x00044000 "\SystemRoot\System32\Drivers\a9fobo74.SYS"
.\debug.cpp(256) : 0x91048000 0x00026000 "\SystemRoot\System32\Drivers\SCSIPORT.SYS"
.\debug.cpp(256) : 0x9106e000 0x00007000 "\SystemRoot\system32\DRIVERS\vncmirror.sys"
.\debug.cpp(256) : 0x91075000 0x00021000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x91096000 0x0001e000 "\SystemRoot\system32\DRIVERS\dne2000.sys"
.\debug.cpp(256) : 0x910b4000 0x0002f000 "\SystemRoot\system32\DRIVERS\msiscsi.sys"
.\debug.cpp(256) : 0x910e3000 0x00041000 "\SystemRoot\system32\DRIVERS\storport.sys"
.\debug.cpp(256) : 0x91124000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x9112f000 0x00017000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x91146000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x91151000 0x00023000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x91174000 0x0000f000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x91183000 0x00014000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x91197000 0x00015000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x911ac000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x911bc000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x911c7000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x911d2000 0x0001d000 "\SystemRoot\system32\DRIVERS\mcdbus.sys"
.\debug.cpp(256) : 0x911ef000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x8b7c0000 0x00040000 "\SystemRoot\system32\DRIVERS\dtsoftbus01.sys"
.\debug.cpp(256) : 0x911f1000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x8b9ed000 0x0000d000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x93809000 0x00035000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x9383e000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x9384f000 0x001b0000 "\SystemRoot\system32\drivers\RTKVHDA.sys"
.\debug.cpp(256) : 0x93a0a000 0x0002d000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x93a37000 0x00025000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x93a5c000 0x00049000 "\SystemRoot\System32\Drivers\SRTSP.SYS"
.\debug.cpp(256) : 0x93aa5000 0x00011000 "\SystemRoot\System32\Drivers\SRTSPX.SYS"
.\debug.cpp(256) : 0x93f8c000 0x00009000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x93f95000 0x00010000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x93fa5000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x93fac000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x93fae000 0x00022000 "\??\C:\Windows\system32\Drivers\SYMEVENT.SYS"
.\debug.cpp(256) : 0x93fe4000 0x00008000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x93ab6000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x95e05000 0x00421000 "\SystemRoot\system32\DRIVERS\lvuvc.sys"
.\debug.cpp(256) : 0x96226000 0x00012000 "\SystemRoot\system32\drivers\usbaudio.sys"
.\debug.cpp(256) : 0x96238000 0x0004c000 "\SystemRoot\system32\DRIVERS\lvrs.sys"
.\debug.cpp(256) : 0x96284000 0x00009000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0x9628d000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0x96296000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x9629d000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x962a4000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x962b0000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x962b8000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x962c0000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x962cb000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x962d9000 0x00009000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0x962e2000 0x00016000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x962f8000 0x00014000 "\SystemRoot\system32\DRIVERS\smb.sys"
.\debug.cpp(256) : 0x9630c000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x9633e000 0x00048000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x96386000 0x00009000 "\SystemRoot\system32\drivers\ws2ifsl.sys"
.\debug.cpp(256) : 0x9638f000 0x00016000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x963a5000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x963b3000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x963c6000 0x0002c000 "\SystemRoot\System32\Drivers\SYMTDI.SYS"
.\debug.cpp(256) : 0x93acd000 0x00066000 "\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys"
.\debug.cpp(256) : 0x93b33000 0x0003c000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x963f2000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x93b6f000 0x0005e000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys"
.\debug.cpp(256) : 0x93bcd000 0x0001e000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"
.\debug.cpp(256) : 0x8b5e6000 0x00017000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x93fec000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x93e00000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x93beb000 0x00008000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xa9ed0000 0x00204000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x93bf3000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x8bbc3000 0x0000f000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0xaa0f0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0xaa110000 0x0000e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0xae80d000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0xaa140000 0x0004d000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xae828000 0x000b0000 "\SystemRoot\system32\drivers\spsys.sys"
.\debug.cpp(256) : 0xae8d8000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0xae8e8000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0xae8fb000 0x0006d000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0xae968000 0x0001d000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0xae985000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0xae99e000 0x00015000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0xae9b3000 0x0001f000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xb260e000 0x00039000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0xb2647000 0x00018000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0xb265f000 0x00028000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0xb2687000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xb26d6000 0x00090000 "\??\C:\Windows\system32\Drivers\CVPNDRVA.sys"
.\debug.cpp(256) : 0xb2766000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0xb3e05000 0x000de000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0xb3ee3000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(400) : Destination "\Device\mcdbus"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy23"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy23"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy16"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy16"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination "\Device\PartmgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature68000000Offset7E00Length3EB9200#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination "\Device\NXTIPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{54950694-33A2-408C-9E06-ABBEB791E26F}"
.\debug.cpp(400) : Destination "\Device\NDMP28"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000004f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_10C0&SUBSYS_020D1028&REV_02#3&2411e6fe&0&C8#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0008#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy24"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy24"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy17"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy17"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination "\Device\WFP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000005a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NDMP25"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0008#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy25"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy25"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy18"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy18"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{aa7f67cf-6289-11dd-a9e5-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD+-RW_AD-7200S________________101A____#5&384a886&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination "\Device\WANARPV6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_0802&MI_02#6&25f1e731&0&0002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000086"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&24cde621&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy26"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy26"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy19"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy19"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&3#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000067"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_1028020D&REV_1000#4&18ca5b6a&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000081"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_0802&MI_02#6&25f1e731&0&0002#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000086"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_1028020D&REV_1000#4&18ca5b6a&0&0201#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000081"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\00000089"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{96080667-B7CD-470C-A31A-EF364BB809CD}"
.\debug.cpp(400) : Destination "\Device\NDMP15"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6C59C4D1-088C-4429-BD86-23E753AAD1EB}"
.\debug.cpp(400) : Destination "\Device\NDMP6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DNE"
.\debug.cpp(400) : Destination "\Device\DNE"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy27"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy27"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{61A35941-FAB3-4328-980E-8F37CE420D59}"
.\debug.cpp(400) : Destination "\Device\NDMP18"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_1028020D&REV_1000#4&18ca5b6a&0&0201#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\00000081"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000005a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000054"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy28"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy28"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_1028020D&REV_1000#4&18ca5b6a&0&0201#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination "\Device\00000081"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature68000000Offset48E0F00000Length2B8FC00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination "\Device\AscKmd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymTDI"
.\debug.cpp(400) : Destination "\Device\SymTDI"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination "\Device\NDMP24"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy29"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy29"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0461&PID_4D22#6&39f06282&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000083"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination "\Device\MPS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0006#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3500F34A-CB5D-42B3-8CC2-84F296D673A6}"
.\debug.cpp(400) : Destination "\Device\NDMP10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MBAMProtector"
.\debug.cpp(400) : Destination "\Device\MBAMProtector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSP"
.\debug.cpp(400) : Destination "\Device\SRTSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3977ee9f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&39e334e0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination "\Device\NDMP26"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0007#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{76a893ed-6f68-11dd-b2f2-00219b010466}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_94C3&SUBSYS_04021028&REV_00#4&22f4f1a2&0&0008#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination "\Device\SstpDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_0802&MI_00#6&25f1e731&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000085"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1F176EC7-D738-4ABE-A176-C04B4D14B914}"
.\debug.cpp(400) : Destination "\Device\NDMP14"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CEA3A9F2-E9C8-400A-B767-0F14AE64E1C9}"
.\debug.cpp(400) : Destination "\Device\NDMP11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0009#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000000a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination "\Device\WfpAle"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000057"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#DELD014#5&3b19524d&0&UID268435456#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination "\Device\00000088"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0007#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilRebootDrv"
.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11122"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&14fdf0fc&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_020D1028&REV_02#3&2411e6fe&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`83f00000
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
.\boot_cleaner.cpp(1061) :
.\boot_cleaner.cpp(1062) : Size Device Name MBR Status
.\boot_cleaner.cpp(1063) : --------------------------------------------
.\boot_cleaner.cpp(1107) : 465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1113) :
.\boot_cleaner.cpp(1152) : Done;



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-17 17:58:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-75A7B0 rev.01.03B01
Running: yllc7yfs.exe; Driver: C:\Users\Liyhs\AppData\Local\Temp\fgloapow.sys


---- System - GMER 1.0.15 ----

SSDT 880D3EB0 ZwAlertResumeThread
SSDT 880D3F90 ZwAlertThread
SSDT 880E9508 ZwAllocateVirtualMemory
SSDT 88007EE8 ZwConnectPort
SSDT 880D3C10 ZwCreateMutant
SSDT 880FDBA8 ZwCreateThread
SSDT 880E9338 ZwFreeVirtualMemory
SSDT 880D3CF0 ZwImpersonateAnonymousToken
SSDT 880D3DD0 ZwImpersonateThread
SSDT 880E9238 ZwMapViewOfSection
SSDT 880D3B30 ZwOpenEvent
SSDT 880E95F8 ZwOpenProcessToken
SSDT 8808E7C8 ZwOpenThreadToken
SSDT 873ABED0 ZwResumeThread
SSDT 8808E6E8 ZwSetContextThread
SSDT 8808E8A8 ZwSetInformationProcess
SSDT 8808E608 ZwSetInformationThread
SSDT 880D3A50 ZwSuspendProcess
SSDT 8808E448 ZwSuspendThread
SSDT 880FDE70 ZwTerminateProcess
SSDT 8808E528 ZwTerminateThread
SSDT 880E9158 ZwUnmapViewOfSection
SSDT 880E9418 ZwWriteVirtualMemory

INT 0x51 ? 85536CB8
INT 0x51 ? 85536CB8
INT 0x51 ? 85536CB8
INT 0x51 ? 85536CB8
INT 0x51 ? 87336F00
INT 0x51 ? 87336F00
INT 0x51 ? 85536CB8
INT 0x61 ? 87336F00
INT 0x82 ? 87336F00
INT 0xA2 ? 87336F00
INT 0xB2 ? 87336F00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 82ADF7E0 8 Bytes [B0, 3E, 0D, 88, 90, 3F, 0D, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 82ADF7F4 4 Bytes [08, 95, 0E, 88]
.text ntkrnlpa.exe!KeSetEvent + 1C1 82ADF884 4 Bytes CALL 9335F907
.text ntkrnlpa.exe!KeSetEvent + 1F5 82ADF8B8 4 Bytes [10, 3C, 0D, 88]
.text ntkrnlpa.exe!KeSetEvent + 221 82ADF8E4 4 Bytes [A8, DB, 0F, 88]
.text ...
.sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x807AC089]
.text USBPORT.SYS!DllUnload 903E641B 5 Bytes JMP 87336410
.text a0od05sk.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 9042D900 14 Bytes [D5, 7A, 22, D2, 75, 67, 35, ...]
.text a0od05sk.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 + F 9042D90F 20 Bytes [3E, 11, 24, A3, 30, 11, EF, ...]
.text a0od05sk.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 + 24 9042D924 7 Bytes [BC, 5C, F6, 28, 3F, E7, 52] {MOV ESP, 0x3f28f65c; OUT 0x52, EAX}
.text a0od05sk.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 + 2C 9042D92C 4 Bytes [20, 2A, 14, B1] {AND [EDX], CH; ADC AL, 0xb1}
? C:\Windows\System32\Drivers\a0od05sk.SYS suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\taskeng.exe[2640] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 02691642
.text C:\Windows\system32\taskeng.exe[2640] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Windows\system32\taskeng.exe[2640] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 0269152C
.text C:\Windows\system32\taskeng.exe[2640] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 02691758
.text C:\Windows\system32\taskeng.exe[2640] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 02691871
.text C:\Windows\system32\Dwm.exe[2648] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 01FB1642
.text C:\Windows\system32\Dwm.exe[2648] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Windows\system32\Dwm.exe[2648] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 01FB152C
.text C:\Windows\system32\Dwm.exe[2648] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 01FB1758
.text C:\Windows\system32\Dwm.exe[2648] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 01FB1871
.text C:\Windows\Explorer.EXE[2692] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 03241642
.text C:\Windows\Explorer.EXE[2692] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Windows\Explorer.EXE[2692] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 0324152C
.text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 03241758
.text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 03241871
.text C:\Program Files\Windows Defender\MSASCui.exe[3140] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 00C61642
.text C:\Program Files\Windows Defender\MSASCui.exe[3140] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Program Files\Windows Defender\MSASCui.exe[3140] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 00C6152C
.text C:\Program Files\Windows Defender\MSASCui.exe[3140] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 00C61758
.text C:\Program Files\Windows Defender\MSASCui.exe[3140] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 00C61871
.text C:\Windows\RtHDVCpl.exe[3152] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 01F61642
.text C:\Windows\RtHDVCpl.exe[3152] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Windows\RtHDVCpl.exe[3152] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 01F6152C
.text C:\Windows\RtHDVCpl.exe[3152] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 01F61758
.text C:\Windows\RtHDVCpl.exe[3152] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 01F61871
.text C:\Program Files\CAMI EduSuite\CAMIKey\CAMIKey.exe[3328] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 022B1642
.text C:\Program Files\CAMI EduSuite\CAMIKey\CAMIKey.exe[3328] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Program Files\CAMI EduSuite\CAMIKey\CAMIKey.exe[3328] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 022B152C
.text C:\Program Files\CAMI EduSuite\CAMIKey\CAMIKey.exe[3328] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 022B1758
.text C:\Program Files\CAMI EduSuite\CAMIKey\CAMIKey.exe[3328] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 022B1871
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3344] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 01C51642
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3344] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3344] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 01C5152C
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3344] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 01C51758
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3344] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 01C51871
.text C:\Program Files\iTunes\iTunesHelper.exe[3352] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 00FE1642
.text C:\Program Files\iTunes\iTunesHelper.exe[3352] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Program Files\iTunes\iTunesHelper.exe[3352] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 00FE152C
.text C:\Program Files\iTunes\iTunesHelper.exe[3352] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 00FE1758
.text C:\Program Files\iTunes\iTunesHelper.exe[3352] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 00FE1871
.text C:\Program Files\Brownie\BrStsWnd.exe[3424] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 01BB1642
.text C:\Program Files\Brownie\BrStsWnd.exe[3424] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Program Files\Brownie\BrStsWnd.exe[3424] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 01BB152C
.text C:\Program Files\Brownie\BrStsWnd.exe[3424] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 01BB1758
.text C:\Program Files\Brownie\BrStsWnd.exe[3424] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 01BB1871
.text C:\Program Files\Brownie\brpjp04a.exe[3468] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 01CC1642
.text C:\Program Files\Brownie\brpjp04a.exe[3468] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Program Files\Brownie\brpjp04a.exe[3468] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 01CC152C
.text C:\Program Files\Brownie\brpjp04a.exe[3468] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 01CC1758
.text C:\Program Files\Brownie\brpjp04a.exe[3468] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 01CC1871
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3476] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 019A1642
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3476] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3476] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 019A152C
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3476] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 019A1758
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[3476] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 019A1871
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 01B01642
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 01B0152C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 01B01758
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 01B01871
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3524] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 01D61642
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3524] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3524] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 01D6152C
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3524] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 01D61758
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3524] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 01D61871
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3532] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 01D41642
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3532] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3532] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 01D4152C
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3532] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 01D41758
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3532] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 01D41871
.text C:\Windows\ehome\ehtray.exe[3560] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 01AE1642
.text C:\Windows\ehome\ehtray.exe[3560] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Windows\ehome\ehtray.exe[3560] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 01AE152C
.text C:\Windows\ehome\ehtray.exe[3560] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 01AE1758
.text C:\Windows\ehome\ehtray.exe[3560] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 01AE1871
.text C:\Windows\ehome\ehmsas.exe[3692] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 01E21642
.text C:\Windows\ehome\ehmsas.exe[3692] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Windows\ehome\ehmsas.exe[3692] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 01E2152C
.text C:\Windows\ehome\ehmsas.exe[3692] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 01E21758
.text C:\Windows\ehome\ehmsas.exe[3692] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 01E21871
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[3780] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 05441642
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[3780] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[3780] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 0544152C
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[3780] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 05441758
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[3780] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 05441871
.text C:\Program Files\Digital Line Detect\DLG.exe[3788] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 02E21642
.text C:\Program Files\Digital Line Detect\DLG.exe[3788] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Program Files\Digital Line Detect\DLG.exe[3788] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 02E2152C
.text C:\Program Files\Digital Line Detect\DLG.exe[3788] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 02E21758
.text C:\Program Files\Digital Line Detect\DLG.exe[3788] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 02E21871
.text C:\Program Files\Internet Explorer\IEUser.exe[4044] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 00C11642
.text C:\Program Files\Internet Explorer\IEUser.exe[4044] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Program Files\Internet Explorer\IEUser.exe[4044] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 00C1152C
.text C:\Program Files\Internet Explorer\IEUser.exe[4044] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 00C11758
.text C:\Program Files\Internet Explorer\IEUser.exe[4044] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 00C11871
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[4472] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 01061642
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[4472] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[4472] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 0106152C
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[4472] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 01061758
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[4472] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 01061871
.text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[4480] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 04041642
.text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[4480] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[4480] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 0404152C
.text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[4480] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 04041758
.text C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe[4480] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 04041871
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5144] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 01AA1642
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5144] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5144] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 01AA152C
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5144] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 01AA1758
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5144] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 01AA1871
.text C:\Windows\system32\conime.exe[5604] kernel32.dll!CreateProcessW 77591BF3 5 Bytes JMP 00A41642
.text C:\Windows\system32\conime.exe[5604] kernel32.dll!CreateProcessA 77591C28 1 Byte [E9]
.text C:\Windows\system32\conime.exe[5604] kernel32.dll!CreateProcessA 77591C28 5 Bytes JMP 00A4152C
.text C:\Windows\system32\conime.exe[5604] ADVAPI32.dll!CreateProcessAsUserA 76D9CEB9 5 Bytes JMP 00A41758
.text C:\Windows\system32\conime.exe[5604] ADVAPI32.dll!CreateProcessAsUserW 76DB1EE9 5 Bytes JMP 00A41871

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [80699F12] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8069A232] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80699730] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8069A0F0] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [80699856] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [80699914] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74437817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7447B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7443BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7442F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7442E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [744673F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7443DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7442FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7442FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [744BCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7445C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7442D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74426853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7442687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74432AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF2 0x83 0x5A 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0xA2 0xDD 0xCE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0x5C 0x8D 0x25 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF2 0x83 0x5A 0x92 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0xA2 0xDD 0xCE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0x5C 0x8D 0x25 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{489CCDA4-E31B-4BA8-B6F3-4991052D9EEA}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7703D32F-B3DB-42E0-A26E-6D610284FCC0}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{489CCDA4-E31B-4BA8-B6F3-4991052D9EEA}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{489CCDA4-E31B-4BA8-B6F3-4991052D9EEA}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{489CCDA4-E31B-4BA8-B6F3-4991052D9EEA}@Hash 0x29 0x69 0x1C 0x8D ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{489CCDA4-E31B-4BA8-B6F3-4991052D9EEA}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{489CCDA4-E31B-4BA8-B6F3-4991052D9EEA}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7703D32F-B3DB-42E0-A26E-6D610284FCC0}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7703D32F-B3DB-42E0-A26E-6D610284FCC0}@Path \Microsoft\Windows Defender\MP Scheduled Signature Update
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7703D32F-B3DB-42E0-A26E-6D610284FCC0}@Hash 0xBD 0x2F 0x87 0x91 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7703D32F-B3DB-42E0-A26E-6D610284FCC0}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7703D32F-B3DB-42E0-A26E-6D610284FCC0}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {489CCDA4-E31B-4BA8-B6F3-4991052D9EEA}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Signature Update@Id {7703D32F-B3DB-42E0-A26E-6D610284FCC0}
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\798629469\Groups@\vgS 0

#6 KamiKara

Posted 17 May 2012 - 03:44 AM

posted multiple times.

Edited by KamiKara, 17 May 2012 - 03:49 AM.


#7 KamiKara

Posted 17 May 2012 - 03:47 AM

internet acted weird.. posted multiple times :(

Edited by KamiKara, 17 May 2012 - 03:48 AM.


#8 KamiKara

Posted 17 May 2012 - 03:47 AM

posted multiple times.

Edited by KamiKara, 17 May 2012 - 03:50 AM.


#9 KamiKara

Posted 17 May 2012 - 03:47 AM

posted multiple times.

Edited by KamiKara, 17 May 2012 - 04:01 AM.


#10 KamiKara

Posted 17 May 2012 - 03:47 AM

.

Edited by KamiKara, 17 May 2012 - 03:48 AM.


#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,656 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:13 AM

Posted 17 May 2012 - 10:45 AM

GMER log is incomplete.
Please repost.
If you have a problem with pasting it here...

Upload the file(s) here: http://uploadmb.com/
Copy the link inside the Direct Link box and post it in your next reply.



 


#12 KamiKara

Posted 18 May 2012 - 07:19 AM

Hello Broni,
I do not have access to scanning at the moment, will post when I finish (maybe tomorrow)



