Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Am I infected? What do I do?


  • Please log in to reply
3 replies to this topic

#1 rakkarage

rakkarage

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 29 April 2015 - 07:08 PM

Bootkit Remover
© 2009 Esage Lab
www.esagelab.com
 
Program version: 1.2.0.1
OS Version: Microsoft  (build 9200), 64-bit
 
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`29d00000
Boot sector MD5 is: 023fb285bf9850ccc10287a3a8db3603
 
     Size  Device Name          MBR Status
 --------------------------------------------
   931 GB  \\.\PhysicalDrive0   Unknown boot code
 
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
 
 
Done;
Press any key to quit...

 

 

 

.\debug.cpp(238) : Debug log started at 30.04.2015 - 00:00:36

.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : © 2009 Esage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.1
.\boot_cleaner.cpp(540) : OS Version: Microsoft  (build 9200), 64-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x2dc7f000 0x00841000 "\SystemRoot\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x2dc0e000 0x00071000 "\SystemRoot\system32\hal.dll"
.\debug.cpp(256) : 0x2cb68000 0x0000b000 "\SystemRoot\system32\kd.dll"
.\debug.cpp(256) : 0xd5ef0000 0x00082000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x2cb78000 0x00009000 "\SystemRoot\system32\HalExtIntcLpioDma.dll"
.\debug.cpp(256) : 0xd5f80000 0x00010000 "\SystemRoot\System32\drivers\werkernel.sys"
.\debug.cpp(256) : 0xd5f90000 0x00065000 "\SystemRoot\System32\drivers\CLFS.SYS"
.\debug.cpp(256) : 0xd5000000 0x00023000 "\SystemRoot\System32\drivers\tm.sys"
.\debug.cpp(256) : 0xd5030000 0x00017000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0xd5050000 0x0000b000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xd5060000 0x00061000 "\SystemRoot\System32\drivers\FLTMGR.SYS"
.\debug.cpp(256) : 0xd50d0000 0x0005b000 "\SystemRoot\System32\drivers\msrpc.sys"
.\debug.cpp(256) : 0xd5130000 0x00025000 "\SystemRoot\System32\drivers\ksecdd.sys"
.\debug.cpp(256) : 0xd5160000 0x00091000 "\SystemRoot\System32\drivers\clipsp.sys"
.\debug.cpp(256) : 0xd5200000 0x0000e000 "\SystemRoot\System32\drivers\cmimcext.sys"
.\debug.cpp(256) : 0xd5210000 0x0000c000 "\SystemRoot\System32\drivers\ntosext.sys"
.\debug.cpp(256) : 0xd5220000 0x00097000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0xd52c0000 0x000dc000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0xd53a0000 0x00012000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0xd53c0000 0x00023000 "\SystemRoot\System32\Drivers\acpiex.sys"
.\debug.cpp(256) : 0xd53f0000 0x0000d000 "\SystemRoot\System32\Drivers\WppRecorder.sys"
.\debug.cpp(256) : 0xd5400000 0x00096000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0xd54a0000 0x00093000 "\SystemRoot\System32\drivers\ACPI.sys"
.\debug.cpp(256) : 0xd5540000 0x0000c000 "\SystemRoot\System32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0xd5560000 0x0001e000 "\SystemRoot\system32\drivers\WindowsTrustedRT.sys"
.\debug.cpp(256) : 0xd5580000 0x0000b000 "\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys"
.\debug.cpp(256) : 0xd5590000 0x00012000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0xd55b0000 0x0000b000 "\SystemRoot\System32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0xd55c0000 0x00053000 "\SystemRoot\System32\drivers\pci.sys"
.\debug.cpp(256) : 0xd5620000 0x0000f000 "\SystemRoot\System32\drivers\vdrvroot.sys"
.\debug.cpp(256) : 0xd5630000 0x0001d000 "\SystemRoot\system32\drivers\pdc.sys"
.\debug.cpp(256) : 0xd5650000 0x00019000 "\SystemRoot\system32\drivers\CEA.sys"
.\debug.cpp(256) : 0xd5670000 0x00022000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0xd56a0000 0x00077000 "\SystemRoot\System32\drivers\spaceport.sys"
.\debug.cpp(256) : 0xd5720000 0x00018000 "\SystemRoot\System32\drivers\volmgr.sys"
.\debug.cpp(256) : 0xd5740000 0x0005e000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0xd57a0000 0x0001d000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0xd57c0000 0x00025000 "\SystemRoot\System32\drivers\storahci.sys"
.\debug.cpp(256) : 0xd57f0000 0x0006e000 "\SystemRoot\System32\drivers\storport.sys"
.\debug.cpp(256) : 0xd5860000 0x0001b000 "\SystemRoot\System32\drivers\EhStorClass.sys"
.\debug.cpp(256) : 0xd5880000 0x00019000 "\SystemRoot\System32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0xd58a0000 0x00038000 "\SystemRoot\System32\Drivers\Wof.sys"
.\debug.cpp(256) : 0xd58e0000 0x0004b000 "\SystemRoot\system32\drivers\WdFilter.sys"
.\debug.cpp(256) : 0xd5930000 0x0020c000 "\SystemRoot\System32\Drivers\NTFS.sys"
.\debug.cpp(256) : 0xd5b40000 0x0000d000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0xd5b50000 0x00121000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0xd5c80000 0x00078000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0xd5d00000 0x0002d000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0xd6e10000 0x00271000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0xd7090000 0x00067000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0xd7100000 0x00029000 "\SystemRoot\System32\drivers\wfplwfs.sys"
.\debug.cpp(256) : 0xd7130000 0x0009f000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0xd6000000 0x00060000 "\SystemRoot\System32\drivers\volsnap.sys"
.\debug.cpp(256) : 0xd6060000 0x00043000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0xd60b0000 0x00023000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0xd60e0000 0x00010000 "\SystemRoot\System32\drivers\intelpep.sys"
.\debug.cpp(256) : 0xd6100000 0x0001e000 "\SystemRoot\System32\drivers\disk.sys"
.\debug.cpp(256) : 0xd6120000 0x0005f000 "\SystemRoot\System32\drivers\CLASSPNP.SYS"
.\debug.cpp(256) : 0xd61a0000 0x00018000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0xd6280000 0x00031000 "\SystemRoot\System32\drivers\cdrom.sys"
.\debug.cpp(256) : 0xd62c0000 0x0001a000 "\SystemRoot\system32\drivers\filecrypt.sys"
.\debug.cpp(256) : 0xd62e0000 0x0000c000 "\SystemRoot\system32\drivers\tbs.sys"
.\debug.cpp(256) : 0xd62f0000 0x0000a000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xd6300000 0x0000a000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xd6310000 0x00014000 "\SystemRoot\System32\drivers\BasicDisplay.sys"
.\debug.cpp(256) : 0xd6330000 0x00014000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0xd6350000 0x001db000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0xd6530000 0x00011000 "\SystemRoot\System32\drivers\BasicRender.sys"
.\debug.cpp(256) : 0xd6550000 0x00019000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xd6570000 0x0000f000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xd6580000 0x00021000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0xd65b0000 0x0000f000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xd65c0000 0x0004c000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xd6610000 0x00092000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0xd66b0000 0x0001a000 "\SystemRoot\System32\drivers\vwififlt.sys"
.\debug.cpp(256) : 0xd66d0000 0x0002b000 "\SystemRoot\System32\drivers\pacer.sys"
.\debug.cpp(256) : 0xd6700000 0x00012000 "\SystemRoot\system32\drivers\netbios.sys"
.\debug.cpp(256) : 0xd6720000 0x00070000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xd6790000 0x0008d000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0xd6820000 0x00010000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0xd6830000 0x0000d000 "\SystemRoot\System32\drivers\npsvctrig.sys"
.\debug.cpp(256) : 0xd6840000 0x0000e000 "\SystemRoot\System32\drivers\mssmbios.sys"
.\debug.cpp(256) : 0xd6850000 0x00029000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0xd68a0000 0x00030000 "\SystemRoot\system32\DRIVERS\ahcache.sys"
.\debug.cpp(256) : 0xd68d0000 0x00011000 "\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_859ebeaf0aec25be\CompositeBus.sys"
.\debug.cpp(256) : 0xd68f0000 0x0000d000 "\SystemRoot\System32\drivers\kdnic.sys"
.\debug.cpp(256) : 0xd6900000 0x00013000 "\SystemRoot\System32\drivers\umbus.sys"
.\debug.cpp(256) : 0xd8370000 0x005bb000 "\SystemRoot\system32\DRIVERS\igdkmd64.sys"
.\debug.cpp(256) : 0xd8930000 0x0001b000 "\SystemRoot\System32\drivers\HDAudBus.sys"
.\debug.cpp(256) : 0xd8950000 0x0005b000 "\SystemRoot\System32\drivers\USBXHCI.SYS"
.\debug.cpp(256) : 0xd89b0000 0x00036000 "\SystemRoot\system32\drivers\ucx01000.sys"
.\debug.cpp(256) : 0xd7a00000 0x00023000 "\SystemRoot\system32\DRIVERS\TeeDriverx64.sys"
.\debug.cpp(256) : 0xd7a30000 0x00093000 "\SystemRoot\System32\drivers\rt640x64.sys"
.\debug.cpp(256) : 0xd7ad0000 0x0001b000 "\SystemRoot\System32\drivers\usbehci.sys"
.\debug.cpp(256) : 0xd7af0000 0x00075000 "\SystemRoot\System32\drivers\USBPORT.SYS"
.\debug.cpp(256) : 0xd7b70000 0x00020000 "\SystemRoot\System32\drivers\i8042prt.sys"
.\debug.cpp(256) : 0xd7b90000 0x00011000 "\SystemRoot\System32\drivers\mouclass.sys"
.\debug.cpp(256) : 0xd7bb0000 0x00096000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0xd7c50000 0x0000e000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xd7c60000 0x00012000 "\SystemRoot\System32\drivers\kbdclass.sys"
.\debug.cpp(256) : 0xd7c80000 0x0000d000 "\SystemRoot\System32\drivers\iaLPSSi_GPIO.sys"
.\debug.cpp(256) : 0xd7c90000 0x0002a000 "\SystemRoot\System32\Drivers\msgpioclx.sys"
.\debug.cpp(256) : 0xd7cc0000 0x00022000 "\SystemRoot\System32\drivers\iaLPSSi_I2C.sys"
.\debug.cpp(256) : 0xd7cf0000 0x00017000 "\SystemRoot\system32\drivers\SpbCx.sys"
.\debug.cpp(256) : 0xd7d10000 0x00027000 "\SystemRoot\System32\drivers\iaLPSS_UART2.sys"
.\debug.cpp(256) : 0xd7d40000 0x0002a000 "\SystemRoot\system32\drivers\SerCx2.sys"
.\debug.cpp(256) : 0xd7d70000 0x00029000 "\SystemRoot\System32\drivers\intelppm.sys"
.\debug.cpp(256) : 0xd7da0000 0x0000b000 "\SystemRoot\System32\drivers\acpipagr.sys"
.\debug.cpp(256) : 0xd7db0000 0x0000e000 "\SystemRoot\System32\drivers\CmBatt.sys"
.\debug.cpp(256) : 0xd7dc0000 0x0000e000 "\SystemRoot\System32\drivers\BATTC.SYS"
.\debug.cpp(256) : 0xd7dd0000 0x0000c000 "\SystemRoot\System32\drivers\wmiacpi.sys"
.\debug.cpp(256) : 0xd7de0000 0x0000a000 "\SystemRoot\System32\drivers\DellRbtn.sys"
.\debug.cpp(256) : 0xd7df0000 0x0000b000 "\SystemRoot\System32\drivers\mshidkmdf.sys"
.\debug.cpp(256) : 0xd7e00000 0x00028000 "\SystemRoot\System32\drivers\HIDCLASS.SYS"
.\debug.cpp(256) : 0xd7e30000 0x00011000 "\SystemRoot\System32\drivers\HIDPARSE.SYS"
.\debug.cpp(256) : 0xd7e50000 0x0000d000 "\SystemRoot\System32\drivers\UEFI.sys"
.\debug.cpp(256) : 0xd7e60000 0x00010000 "\SystemRoot\System32\drivers\mirahid.sys"
.\debug.cpp(256) : 0xd7e70000 0x0000d000 "\SystemRoot\System32\drivers\NdisVirtualBus.sys"
.\debug.cpp(256) : 0xd7e80000 0x0000c000 "\SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_9776dd027adc8236\swenum.sys"
.\debug.cpp(256) : 0xd7e90000 0x00066000 "\SystemRoot\System32\drivers\ks.sys"
.\debug.cpp(256) : 0xd7f00000 0x0000d000 "\SystemRoot\System32\drivers\rdpbus.sys"
.\debug.cpp(256) : 0xd7f10000 0x0007e000 "\SystemRoot\System32\drivers\usbhub.sys"
.\debug.cpp(256) : 0xd7f90000 0x00081000 "\SystemRoot\System32\drivers\UsbHub3.sys"
.\debug.cpp(256) : 0xd8020000 0x00013000 "\SystemRoot\System32\drivers\hidi2c.sys"
.\debug.cpp(256) : 0xd8040000 0x0000f000 "\SystemRoot\System32\drivers\mouhid.sys"
.\debug.cpp(256) : 0xd8050000 0x0000c000 "\SystemRoot\System32\drivers\MTConfig.sys"
.\debug.cpp(256) : 0xd8060000 0x00064000 "\SystemRoot\system32\DRIVERS\HdAudio.sys"
.\debug.cpp(256) : 0xd80d0000 0x00050000 "\SystemRoot\system32\DRIVERS\portcls.sys"
.\debug.cpp(256) : 0xd8120000 0x00020000 "\SystemRoot\system32\DRIVERS\drmk.sys"
.\debug.cpp(256) : 0xd8140000 0x00054000 "\SystemRoot\System32\Drivers\fastfat.SYS"
.\debug.cpp(256) : 0xd81a0000 0x0000e000 "\SystemRoot\system32\drivers\ksthunk.sys"
.\debug.cpp(256) : 0xd6920000 0x00436000 "\SystemRoot\system32\drivers\RTKVHD64.sys"
.\debug.cpp(256) : 0xd81b0000 0x0002b000 "\SystemRoot\System32\drivers\usbccgp.sys"
.\debug.cpp(256) : 0xd81e0000 0x0003d000 "\SystemRoot\System32\Drivers\usbvideo.sys"
.\debug.cpp(256) : 0x1b470000 0x00023000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x1c070000 0x00384000 "\SystemRoot\System32\win32kfull.sys"
.\debug.cpp(256) : 0x1b600000 0x00145000 "\SystemRoot\System32\win32kbase.sys"
.\debug.cpp(256) : 0xd8220000 0x00076000 "\SystemRoot\System32\drivers\dxgmms2.sys"
.\debug.cpp(256) : 0xd82a0000 0x00010000 "\SystemRoot\System32\drivers\monitor.sys"
.\debug.cpp(256) : 0x1b760000 0x0000a000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0xd82b0000 0x00054000 "\SystemRoot\system32\DRIVERS\udfs.sys"
.\debug.cpp(256) : 0xd8320000 0x0000f000 "\SystemRoot\System32\Drivers\dump_diskdump.sys"
.\debug.cpp(256) : 0xd6d60000 0x00025000 "\SystemRoot\System32\Drivers\dump_storahci.sys"
.\debug.cpp(256) : 0xd6db0000 0x0001a000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0xd6dd0000 0x00015000 "\SystemRoot\system32\drivers\storqosflt.sys"
.\debug.cpp(256) : 0xd71d0000 0x00026000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0xd61c0000 0x00016000 "\SystemRoot\system32\drivers\mslldp.sys"
.\debug.cpp(256) : 0xd61e0000 0x0001a000 "\SystemRoot\system32\drivers\rspndr.sys"
.\debug.cpp(256) : 0xd6200000 0x00016000 "\SystemRoot\system32\drivers\lltdio.sys"
.\debug.cpp(256) : 0xd5d30000 0x000fe000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0xd6220000 0x00022000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0xd5e30000 0x00072000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xd5eb0000 0x0003d000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0xd6250000 0x00019000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0xdb620000 0x00042000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0xdb670000 0x00012000 "\SystemRoot\system32\drivers\mmcss.sys"
.\debug.cpp(256) : 0xdb690000 0x0004e000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0xdb6e0000 0x00023000 "\SystemRoot\system32\drivers\Ndu.sys"
.\debug.cpp(256) : 0xdb710000 0x000c0000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0xdb7d0000 0x0000b000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0xdaa00000 0x000ac000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0xdaab0000 0x00014000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0xdaad0000 0x00021000 "\SystemRoot\system32\Drivers\WdNisDrv.sys"
.\debug.cpp(256) : 0xdab00000 0x0008b000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xdabc0000 0x00011000 "\SystemRoot\System32\drivers\condrv.sys"
.\debug.cpp(256) : 0xdabe0000 0x00010000 "\SystemRoot\System32\drivers\hidusb.sys"
.\debug.cpp(256) : 0xdacc0000 0x0000d000 "\??\C:\Windows\System32\drivers\TrueSight.sys"
.\debug.cpp(256) : 0x1b7f0000 0x0003c000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0xdaeb0000 0x0002e000 "\SystemRoot\System32\drivers\tunnel.sys"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#DLL0654&Col02#5&2e74faed&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\00000044"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_61_-_Intel®_Core™_i5-5200U_CPU_@_2.20GHz#_3#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}"
.\debug.cpp(400) :  Destination "\Device\00000014"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_61_-_Intel®_Core™_i5-5200U_CPU_@_2.20GHz#_1#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}"
.\debug.cpp(400) :  Destination "\Device\00000012"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) :  Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) :  Destination "\Device\00000004"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0B#1#{05ecd13d-81da-4a2a-8a4c-524f23dd4dc9}"
.\debug.cpp(400) :  Destination "\Device\00000020"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :  Destination "\Device\Video0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0BDA&PID_5756&MI_00#7&273c5d97&0&0000#{e5323777-f976-4f5b-9b55-b94699c46e44}"
.\debug.cpp(400) :  Destination "\Device\0000004f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4de93f6e-eddf-11e4-b62a-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_TSSTcorp&Prod_DVD+-RW_SU-208GB#4&1b354dc5&0&010000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\0000003a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000000d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{4de93f5b-eddf-11e4-b62a-806e6f6e6963}#0000006C95500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SWD#IP_TUNNEL_VBUS#ISATAP_0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000006c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_076C&Col02#7&3022a4ce&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\0000005e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8086&DEV_2808&SUBSYS_80860101&REV_1000#4&23c9c05&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :  Destination "\Device\00000047"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#spaceport#0000#{ef66a56f-88d1-4cd8-98c4-49faf57ad8af}"
.\debug.cpp(400) :  Destination "\Device\00000005"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1616&SUBSYS_06541028&REV_09#3&11583659&0&10#{e6dfdc31-31d0-46ac-86af-da1eb05fc599}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0001"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0255&SUBSYS_10280654&REV_1000#4&35de341&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) :  Destination "\Device\0000004a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ACPI000C#2&daba3ff&1#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}"
.\debug.cpp(400) :  Destination "\Device\00000016"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) :  Destination "\Device\Psched"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0B#1#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}"
.\debug.cpp(400) :  Destination "\Device\00000020"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8136&SUBSYS_06541028&REV_07#01000000364CE00000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) :  Destination "\Device\AscKmd"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0255&SUBSYS_10280654&REV_1000#4&35de341&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000004a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000000d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0B#2#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}"
.\debug.cpp(400) :  Destination "\Device\00000021"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_076C&Col02#7&3022a4ce&0&0001#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\0000005e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_076C&Col01#7&3022a4ce&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\0000005d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_9CBA&SUBSYS_06541028&REV_03#3&11583659&0&B0#{e2d1ff34-3458-49a9-88da-8e6915ce9be5}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{3dfeb8ec-58e1-4a24-9568-d2749ebd24d0}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_045E&PID_076C#5&28427ec8&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SWD#PRINTENUM#{81E2CE13-8B60-45B5-9963-E588CEE4A565}#{0ecef634-6ef0-472a-8085-5ad023ecbccd}"
.\debug.cpp(400) :  Destination "\Device\0000005b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0255&SUBSYS_10280654&REV_1000#4&35de341&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000004a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#DLL0654&Col03#5&2e74faed&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\00000045"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_61_-_Intel®_Core™_i5-5200U_CPU_@_2.20GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :  Destination "\Device\00000013"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) :  Destination "\Device\SynTP"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ahcache"
.\debug.cpp(400) :  Destination "\Device\ahcache"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#DELLABCE#3&233516d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\00000040"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{e849804e-c719-43d8-ac88-96b894c191e2}"
.\debug.cpp(400) :  Destination "\Device\00000018"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NisDrv"
.\debug.cpp(400) :  Destination "\Device\NisDrv"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) :  Destination "\Device\PEAuth"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_8087&PID_8001#5&65c42f0&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) :  Destination "\Device\USBFDO-1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CONIN$"
.\debug.cpp(400) :  Destination "\Device\ConDrv\CurrentIn"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) :  Destination "\Device\IPSECDOSP"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) :  Destination "\Device\RaidPort0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0B#0#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}"
.\debug.cpp(400) :  Destination "\Device\0000001f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :  Destination "\Device\WMIDataDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8086&DEV_2808&SUBSYS_80860101&REV_1000#4&23c9c05&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000047"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#DLL0654&Col01#5&2e74faed&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\00000043"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{10bcbb52-e5e5-4b6f-a4de-4094b03aa932}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Spaceport"
.\debug.cpp(400) :  Destination "\Device\Spaceport"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :  Destination "\Device\Video1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :  Destination "\Device\Mup"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt"
.\debug.cpp(400) :  Destination "\Device\vwififlt"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#BasicDisplay#0000#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :  Destination "\Device\00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) :  Destination "\Device\Tcp"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) :  Destination "\Device\00000051"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1f4747d7&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#DLL065A#4&28d2b217&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\0000000d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#mirahid#0000#{a2b00cf3-26e1-407e-bdc2-23c668e672e2}"
.\debug.cpp(400) :  Destination "\Device\0000000a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_9C83&SUBSYS_06541028&REV_03#3&11583659&0&FA#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NduIoDevice"
.\debug.cpp(400) :  Destination "\Device\NduIoDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0255&SUBSYS_10280654&REV_1000#4&35de341&0&0001#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
.\debug.cpp(400) :  Destination "\Device\0000004a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) :  Destination "\DosDevices\LPT1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{4de93f5b-eddf-11e4-b62a-806e6f6e6963}#0000006CB1700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#spaceport#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\00000005"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ00#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\00000024"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LLDPCTRL"
.\debug.cpp(400) :  Destination "\Device\LLDPCTRL"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :  Destination "\Device\0000000d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition4"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Disk{62fcd983-b15b-5465-0c49-5ad19c967215}"
.\debug.cpp(400) :  Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0B#3#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}"
.\debug.cpp(400) :  Destination "\Device\00000022"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000000d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition5"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0255&SUBSYS_10280654&REV_1000#4&35de341&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000004a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#DLL0654&Col01#5&2e74faed&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\00000043"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition6"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{4de93f5b-eddf-11e4-b62a-806e6f6e6963}#0000000029D00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) :  Destination "\Device\MountPointManager"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0255&SUBSYS_10280654&REV_1000#4&35de341&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :  Destination "\Device\0000004a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_9CB1&SUBSYS_06541028&REV_03#3&11583659&0&A0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CONOUT$"
.\debug.cpp(400) :  Destination "\Device\ConDrv\CurrentOut"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\0000001b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0255&SUBSYS_10280654&REV_1000#4&35de341&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :  Destination "\Device\0000004a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3120E009-1FAE-43FC-BE8F-C02C7E2F1679}"
.\debug.cpp(400) :  Destination "\Device\NDMP1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ01#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\00000025"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) :  Destination "\GLOBAL??"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#BasicRender#0000#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) :  Destination "\Device\00000009"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :  Destination "\Device\Video2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) :  Destination "\clfs"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) :  Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0B#4#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}"
.\debug.cpp(400) :  Destination "\Device\00000023"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) :  Destination "\Device\00000018"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_61_-_Intel®_Core™_i5-5200U_CPU_@_2.20GHz#_4#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}"
.\debug.cpp(400) :  Destination "\Device\00000015"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_61_-_Intel®_Core™_i5-5200U_CPU_@_2.20GHz#_2#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}"
.\debug.cpp(400) :  Destination "\Device\00000013"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_9CA6&SUBSYS_06541028&REV_03#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#AUO119E#4&3b1ad5f6&0&UID265988#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) :  Destination "\Device\00000051"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) :  Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) :  Destination "\Device\00000004"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{05150F4A-CB6B-4680-90B9-DA5251F66852}"
.\debug.cpp(400) :  Destination "\Device\NDMP13"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SWD#PRINTENUM#{4AD3B50C-A1CC-43BD-B6EB-3CCF3934B4CC}#{0ecef634-6ef0-472a-8085-5ad023ecbccd}"
.\debug.cpp(400) :  Destination "\Device\0000005a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SWD#MMDEVAPI#MicrosoftGSWavetableSynth#{6dc23320-ab33-4ce4-80d4-bbb3ebbf2814}"
.\debug.cpp(400) :  Destination "\Device\00000054"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) :  Destination "\Device\MailSlot"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\0000001c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0BDA&PID_5756&MI_00#7&273c5d97&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000004f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_61_-_Intel®_Core™_i5-5200U_CPU_@_2.20GHz#_3#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :  Destination "\Device\00000014"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_61_-_Intel®_Core™_i5-5200U_CPU_@_2.20GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :  Destination "\Device\00000012"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{4de93f5b-eddf-11e4-b62a-806e6f6e6963}#0000000021D00000#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ntfs"
.\debug.cpp(400) :  Destination "\Ntfs"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) :  Destination "\Device\VolMgrControl"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\00000001"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#AUO119E#4&3b1ad5f6&0&UID265988#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) :  Destination "\Device\00000051"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) :  Destination "\Device\Nsi"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) :  Destination "\Device\FsWrap"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WindowsTrustedRT"
.\debug.cpp(400) :  Destination "\Device\WindowsTrustedRT"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EB438E54-E731-4D90-9582-BD3D86E08155}"
.\debug.cpp(400) :  Destination "\Device\NDMP14"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1616&SUBSYS_06541028&REV_09#3&11583659&0&10#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0001"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB30#4&20c7564&0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\0000000d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\0000000d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume4"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SWD#IP_TUNNEL_VBUS#ISATAP_0#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000006c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) :  Destination "\Device\Secdrv"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_TSSTcorp&Prod_DVD+-RW_SU-208GB#4&1b354dc5&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\0000003a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :  Destination "\Device\00000007"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CON"
.\debug.cpp(400) :  Destination "\Device\ConDrv\Console"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume5"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SWD#MMDEVAPI#{0.0.1.00000000}.{a9cb5e6e-8125-448b-b77f-7a2d4dc3beef}#{2eef81be-33fa-4800-9670-1cd474972c3f}"
.\debug.cpp(400) :  Destination "\Device\00000053"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SWD#MMDEVAPI#{0.0.0.00000000}.{eb4579bf-c202-4326-b29c-5d947c51862c}#{e6327cad-dcec-4949-ae8a-991e976a79d2}"
.\debug.cpp(400) :  Destination "\Device\00000052"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume6"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{4de93f5b-eddf-11e4-b62a-806e6f6e6963}#0000000000100000#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_TOSHIBA&Prod_MQ01ABD100#4&1b354dc5&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\00000039"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) :  Destination "\Device\NXTIPSEC"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) :  Destination "\Device\TeredoTun"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TrueSight"
.\debug.cpp(400) :  Destination "\Device\TrueSight"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :  Destination "\Device\Video3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THM_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\0000001a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1616&SUBSYS_06541028&REV_09#3&11583659&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0001"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) :  Destination "\Device\WFP"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0B#3#{05ecd13d-81da-4a2a-8a4c-524f23dd4dc9}"
.\debug.cpp(400) :  Destination "\Device\00000022"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RESOURCE_HUB"
.\debug.cpp(400) :  Destination "\Device\RESOURCE_HUB"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) :  Destination "\Device\MPS"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{ac9e63a2-c5b0-4786-820d-7bc93d37beed}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) :  Destination "\Device\WfpAle"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :  Destination "\Device\Ndis"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI_ROOT_OBJECT"
.\debug.cpp(400) :  Destination "\Device\0000000f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) :  Destination "\Device\PartmgrControl"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0B#4#{05ecd13d-81da-4a2a-8a4c-524f23dd4dc9}"
.\debug.cpp(400) :  Destination "\Device\00000023"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0B#2#{05ecd13d-81da-4a2a-8a4c-524f23dd4dc9}"
.\debug.cpp(400) :  Destination "\Device\00000021"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#DLL0654&Col04#5&2e74faed&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\00000046"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_61_-_Intel®_Core™_i5-5200U_CPU_@_2.20GHz#_4#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :  Destination "\Device\00000015"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8136&SUBSYS_06541028&REV_07#01000000364CE00000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :  Destination "\Device\NamedPipe"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PciControl"
.\debug.cpp(400) :  Destination "\Device\PciControl"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) :  Destination ""
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SWD#IP_TUNNEL_VBUS#Teredo_Tunnel_Device#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000006d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SWD#IP_TUNNEL_VBUS#Teredo_Tunnel_Device#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000006d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SWD#PRINTENUM#{E80179A0-DA33-4A9B-BB08-300D30DEB7DD}#{0ecef634-6ef0-472a-8085-5ad023ecbccd}"
.\debug.cpp(400) :  Destination "\Device\00000059"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0BDA&PID_5756#200901010001#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8086&DEV_2808&SUBSYS_80860101&REV_1000#4&23c9c05&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :  Destination "\Device\00000047"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) :  Destination "\DosDevices\COM1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\00000026"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#AUO119E#4&3b1ad5f6&0&UID265988#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}"
.\debug.cpp(400) :  Destination "\Device\00000051"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0BDA&PID_5756&MI_00#7&273c5d97&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000004f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#DLLK0654#4&28d2b217&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\00000038"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) :  Destination "\Device\Null"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8086&DEV_2808&SUBSYS_80860101&REV_1000#4&23c9c05&0&0001#{a17579f0-4fec-4936-9364-249460863be5}"
.\debug.cpp(400) :  Destination "\Device\00000047"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{4de93f5b-eddf-11e4-b62a-806e6f6e6963}#000000001F500000#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BitLocker"
.\debug.cpp(400) :  Destination "\Device\BitLocker"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0B#0#{05ecd13d-81da-4a2a-8a4c-524f23dd4dc9}"
.\debug.cpp(400) :  Destination "\Device\0000001f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) :  Destination "\Device\USBFDO-0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\00000017"
.\debug.cpp(409) :  --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`29d00000
.\boot_cleaner.cpp(707) : Dumping master boot sector of \\.\PhysicalDrive0...
.\boot_cleaner.cpp(712) : 
.\debug.cpp(64) : 00000000: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000010: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000020: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000030: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000050: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000060: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000070: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000080: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000090: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 000000a0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 000000b0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 000000c0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 000000d0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 000000e0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 000000f0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000100: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000110: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000120: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000130: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000140: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000150: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000160: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000170: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000180: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 00000190: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 000001a0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 000001b0: 00 00 00 00 00 00 00 00  7e ae 76 3e 00 00 00 00  | ........~.v>....
.\debug.cpp(64) : 000001c0: 02 00 ee ff ff ff 01 00  00 00 ff ff ff ff 00 00  | ................
.\debug.cpp(64) : 000001d0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 000001e0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  | ................
.\debug.cpp(64) : 000001f0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 55 aa  | ..............U.
.\boot_cleaner.cpp(721) : 
512 bytes written to test.txt
.\boot_cleaner.cpp(1152) : Done;
 

 



BC AdBot (Login to Remove)

 


#2 rakkarage

rakkarage
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 29 April 2015 - 07:29 PM

Been using Windows 10 since it was released with no major problems.

On 10061 I got some malware (russian game website open in browser on boot) so i tried to use Settings->Reset/Refresh but it just BSOD and reset without changing anything.

So I reinstalled Windows twice (9926/10041) and get two BSOD during install.

I searched for days and tried many anti-virus and anti-rootkit software but found nothing. How can this problem persist after resinstall? no one else seems to have this problem with windows 10.

Some malware must persist on another (ESP) partition?

 

Jnn8lWv.jpg

 

ynoirQn.jpg

 

daexVmg.jpg

 

bMnaPMc.jpg

 

 

edit: that says: WDF_VIOLATION

 

 

 

**************************Tue Apr 28 19:33:40.203 2015 (UTC - 4:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\042815-39765-01.dmp]
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 8 Kernel Version 10061 MP (4 procs) Free x64
Built by: 10061.0.amd64fre.fbl_impressive.150410-2039
System Uptime:0 days 0:09:42.929
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
*** WARNING: Unable to verify timestamp for Wdf01000.sys
*** ERROR: Module load completed but symbols could not be loaded for Wdf01000.sys
Probably caused by :Wdf01000.sys ( Wdf01000+31406 )
BugCheck 10D, {5, 0, 100a, ffffe00181ea6e20}
BugCheck Info: WDF_VIOLATION (10d)
Arguments:
Arg1: 0000000000000005, A framework object handle of the incorrect type was passed to
a framework object method.
Arg2: 0000000000000000, The handle value passed in.
Arg3: 000000000000100a, Reserved.
Arg4: ffffe00181ea6e20, Reserved.
BUGCHECK_STR: 0x10D_5
FAILURE_BUCKET_ID: WRONG_SYMBOLS
CPUID: "Intel® Core™ i5-5200U CPU @ 2.20GHz"
MaxSpeed: 2200
CurrentSpeed: 2195
BIOS Version A01
BIOS Release Date 11/04/2014
Manufacturer Dell Inc.
Product Name Inspiron 5749
Baseboard Product 0CC96W
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Apr 28 19:11:55.058 2015 (UTC - 4:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\042815-39125-01.dmp]
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 8 Kernel Version 10061 MP (4 procs) Free x64
Built by: 10061.0.amd64fre.fbl_impressive.150410-2039
System Uptime:0 days 0:05:21.086
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
*** WARNING: Unable to verify timestamp for Wdf01000.sys
*** ERROR: Module load completed but symbols could not be loaded for Wdf01000.sys
Probably caused by :Wdf01000.sys ( Wdf01000+31406 )
BugCheck 10D, {5, 0, 100a, ffffe0003dee5d00}
BugCheck Info: WDF_VIOLATION (10d)
Arguments:
Arg1: 0000000000000005, A framework object handle of the incorrect type was passed to
a framework object method.
Arg2: 0000000000000000, The handle value passed in.
Arg3: 000000000000100a, Reserved.
Arg4: ffffe0003dee5d00, Reserved.
BUGCHECK_STR: 0x10D_5
FAILURE_BUCKET_ID: WRONG_SYMBOLS
CPUID: "Intel® Core™ i5-5200U CPU @ 2.20GHz"
MaxSpeed: 2200
CurrentSpeed: 2195
BIOS Version A01
BIOS Release Date 11/04/2014
Manufacturer Dell Inc.
Product Name Inspiron 5749
Baseboard Product 0CC96W

Edited by rakkarage, 29 April 2015 - 08:28 PM.


#3 rakkarage

rakkarage
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 29 April 2015 - 11:07 PM

  • booting from win cd and running these commands
  • http://forums.techdiscussion.in/showthread.php/4421-How-to-fix-MBR-issues-on-Windows-10-Technical-Preview-Installation-Solved
  • First type bootrec.exe /rebuildbcd and hit enter.
  • Then type bootrec.exe /fixmbr and hit enter.
  • Then type bootrec.exe /fixboot and hit enter. Once done restart your pc.
  • seems to have fixed it thanks :)
  •  

    Bootkit Remover

    © 2009 Esage Lab
    www.esagelab.com
     
    Program version: 1.2.0.1
    OS Version: Microsoft  (build 9200), 64-bit
     
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`29d00000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
     
         Size  Device Name          MBR Status
     --------------------------------------------
       931 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)
     
     
    Done;
    Press any key to quit...

     



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:22 PM

Posted 30 April 2015 - 12:35 PM

Hi, please post that last post with a FRST log from this guide in a new topic titled Bootkit and we will remove it.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users