Jump to content

Rootkit on System - a challenge to your skills

BillinDetroit
 Share

Recommended Posts

  • Replies 111
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

BillinDetroit

BillinDetroit

Posted
  • Author
Posted

Also, while waiting for the next step, my Kaspersky Antivirus found "virus Net-Worm.Win32.Kolab.rds" in G:\System Volume Information\_restore...\RP23\A0020202.exe//ABBAKUS.EXE (and A0020203.EXE//ABBAKUS.EXE). :)

Should I turn off system restore on the logical drives on physicaldrive1 (my G and I drives)?

Thanks again for your help.

Link to post
Share on other sites
BillinDetroit

BillinDetroit

Posted
  • Author
Posted

I am not sure what you mean by doing the "same" for PhysicalDrive1. :)

The last thing I did was to run the recovery console on my windows installation after booting from my windows xp sp3 install disk. After I typed in fixmbr, the only item listed was my windows installation. There were no other installations or options presented. :)

Are there switches I can use with the fixmbr command? :)

Where can I find that information, if so?

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

  1. Download Bootkit remover to your Desktop.
  2. Extract Remover to your desktop
  3. Double-click Remover to run it (Vista users right-click and select Run as Administrator)
  4. It will show a Black screen with some data on it
  5. Right click on the screen and click Select All
  6. Press Ctrl (on keyboard) to copy the data
  7. Open a notepad and press Ctrl to paste the data

Link to post
Share on other sites
BillinDetroit

BillinDetroit

Posted
  • Author
Posted

OK, did that, but there was an error popup. :blink:

The popup said: WARNING "ATA_PASS_THROUGH_DIRECT is not supported by your disk controller. SCSI_PASS_THROUGH_DIRECT will be use for disk I/O"

Here are the contents of the window itself: (followed by contents of a log file that was opened on my desktop afterwards). :)

Bootkit Remover

© 2009 eSage Lab

www.esagelab.com

Program version: 1.2.0.0

OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:

\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

ATA_Read(): DeviceIoControl() ERROR 1

Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;

Press any key to quit...

Here are the contents of the "bootkit_remover_debug_log.txt":

.\debug.cpp(238) : Debug log started at 25.02.2011 - 19:59:26

.\boot_cleaner.cpp(527) : Bootkit Remover

.\boot_cleaner.cpp(528) : © 2009 eSage Lab

.\boot_cleaner.cpp(529) : www.esagelab.com

.\boot_cleaner.cpp(533) : Program version: 1.2.0.0

.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

.\debug.cpp(248) : **********************************************

.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********

.\debug.cpp(250) : **********************************************

.\debug.cpp(256) : 0x804d7000 0x0020e000 "\WINDOWS\system32\ntkrnlpa.exe"

.\debug.cpp(256) : 0x806e5000 0x00020d00 "\WINDOWS\system32\hal.dll"

.\debug.cpp(256) : 0xb85a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"

.\debug.cpp(256) : 0xb84b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"

.\debug.cpp(256) : 0xb80a8000 0x0000d000 "klbg.sys"

.\debug.cpp(256) : 0xb7f79000 0x0002e000 "ACPI.sys"

.\debug.cpp(256) : 0xb85aa000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"

.\debug.cpp(256) : 0xb7f68000 0x00011000 "pci.sys"

.\debug.cpp(256) : 0xb80b8000 0x0000a000 "isapnp.sys"

.\debug.cpp(256) : 0xb80c8000 0x00010000 "ohci1394.sys"

.\debug.cpp(256) : 0xb80d8000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"

.\debug.cpp(256) : 0xb7f54000 0x00014000 "CSCrySec.sys"

.\debug.cpp(256) : 0xb8670000 0x00001000 "pciide.sys"

.\debug.cpp(256) : 0xb8328000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"

.\debug.cpp(256) : 0xb80e8000 0x0000b000 "MountMgr.sys"

.\debug.cpp(256) : 0xb7f35000 0x0001f000 "ftdisk.sys"

.\debug.cpp(256) : 0xb85ac000 0x00002000 "dmload.sys"

.\debug.cpp(256) : 0xb7f0f000 0x00026000 "dmio.sys"

.\debug.cpp(256) : 0xb8330000 0x00005000 "PartMgr.sys"

.\debug.cpp(256) : 0xb8338000 0x00008000 "nipbcfk.sys"

.\debug.cpp(256) : 0xb80f8000 0x00010000 "nipxibaf.sys"

.\debug.cpp(256) : 0xb8108000 0x0000c000 "nipxibrc.sys"

.\debug.cpp(256) : 0xb8118000 0x0000d000 "VolSnap.sys"

.\debug.cpp(256) : 0xb7ef7000 0x00018000 "atapi.sys"

.\debug.cpp(256) : 0xb7ebb000 0x00025000 "nvgts.sys"

.\debug.cpp(256) : 0xb7ea3000 0x00018000 "\WINDOWS\system32\DRIVERS\SCSIPORT.SYS"

.\debug.cpp(256) : 0xb8128000 0x00009000 "disk.sys"

.\debug.cpp(256) : 0xb8138000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"

.\debug.cpp(256) : 0xb7e83000 0x00020000 "fltmgr.sys"

.\debug.cpp(256) : 0xb7e71000 0x00012000 "sr.sys"

.\debug.cpp(256) : 0xb8148000 0x00009000 "PxHelp20.sys"

.\debug.cpp(256) : 0xb7e5a000 0x00017000 "KSecDD.sys"

.\debug.cpp(256) : 0xb7dcd000 0x0008d000 "Ntfs.sys"

.\debug.cpp(256) : 0xb7da0000 0x0002d000 "NDIS.sys"

.\debug.cpp(256) : 0xb7d01000 0x0009f000 "nipalk.sys"

.\debug.cpp(256) : 0xb8340000 0x00005000 "\WINDOWS\System32\drivers\TDI.SYS"

.\debug.cpp(256) : 0xb7ce7000 0x0001a000 "Mup.sys"

.\debug.cpp(256) : 0xb67cd000 0x00039000 "\SystemRoot\system32\DRIVERS\yk51x86.sys"

.\debug.cpp(256) : 0xb5dc1000 0x00a0c000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"

.\debug.cpp(256) : 0xb5dad000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"

.\debug.cpp(256) : 0xb83b8000 0x00007000 "\SystemRoot\system32\DRIVERS\fdc.sys"

.\debug.cpp(256) : 0xb871a000 0x00001000 "\SystemRoot\system32\drivers\msmpu401.sys"

.\debug.cpp(256) : 0xb5d89000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"

.\debug.cpp(256) : 0xb69b7000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"

.\debug.cpp(256) : 0xb5d66000 0x00023000 "\SystemRoot\system32\drivers\ks.sys"

.\debug.cpp(256) : 0xb8616000 0x00002000 "\SystemRoot\system32\DRIVERS\ASACPI.sys"

.\debug.cpp(256) : 0xb69a7000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"

.\debug.cpp(256) : 0xb83c0000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"

.\debug.cpp(256) : 0xb6997000 0x00010000 "\SystemRoot\system32\DRIVERS\serial.sys"

.\debug.cpp(256) : 0xb75d3000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys"

.\debug.cpp(256) : 0xb83c8000 0x00005000 "\SystemRoot\system32\DRIVERS\usbohci.sys"

.\debug.cpp(256) : 0xb5d42000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"

.\debug.cpp(256) : 0xb83d0000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"

.\debug.cpp(256) : 0xb59c8000 0x0037a000 "\SystemRoot\system32\drivers\ALCXWDM.SYS"

.\debug.cpp(256) : 0xb6987000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"

.\debug.cpp(256) : 0xb83d8000 0x00005000 "\SystemRoot\System32\DRIVERS\dvd43llh.sys"

.\debug.cpp(256) : 0xb83e0000 0x00008000 "\SystemRoot\system32\drivers\ASAPIW2k.sys"

.\debug.cpp(256) : 0xb6977000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"

.\debug.cpp(256) : 0xb6967000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"

.\debug.cpp(256) : 0xb83e8000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"

.\debug.cpp(256) : 0xb6957000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"

.\debug.cpp(256) : 0xb6947000 0x0000a000 "\SystemRoot\system32\DRIVERS\nvnetbus.sys"

.\debug.cpp(256) : 0xb58de000 0x000ea000 "\SystemRoot\system32\DRIVERS\NVNRM.SYS"

.\debug.cpp(256) : 0xb6937000 0x0000e000 "\SystemRoot\system32\DRIVERS\AmdK8.sys"

.\debug.cpp(256) : 0xb57ed000 0x000f1000 "\SystemRoot\system32\DRIVERS\btkrnl.sys"

.\debug.cpp(256) : 0xb6896000 0x0000c000 "\SystemRoot\system32\drivers\kcanv.sys"

.\debug.cpp(256) : 0xb83f0000 0x00005000 "\SystemRoot\system32\drivers\kvnetenum.sys"

.\debug.cpp(256) : 0xb6886000 0x0000a000 "\SystemRoot\system32\DRIVERS\klim5.sys"

.\debug.cpp(256) : 0xb872d000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"

.\debug.cpp(256) : 0xb8618000 0x00002000 "\SystemRoot\System32\Drivers\RootMdm.sys"

.\debug.cpp(256) : 0xb68ee000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"

.\debug.cpp(256) : 0xb6876000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"

.\debug.cpp(256) : 0xb8560000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"

.\debug.cpp(256) : 0xb57d6000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"

.\debug.cpp(256) : 0xb6866000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"

.\debug.cpp(256) : 0xb6856000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"

.\debug.cpp(256) : 0xb57c5000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"

.\debug.cpp(256) : 0xb6846000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"

.\debug.cpp(256) : 0xb68e6000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"

.\debug.cpp(256) : 0xb68de000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"

.\debug.cpp(256) : 0xb6836000 0x0000b000 "\SystemRoot\system32\DRIVERS\tap0901.sys"

.\debug.cpp(256) : 0xb5795000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"

.\debug.cpp(256) : 0xb6826000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"

.\debug.cpp(256) : 0xb68d6000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"

.\debug.cpp(256) : 0xb5737000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"

.\debug.cpp(256) : 0xb8574000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"

.\debug.cpp(256) : 0xb8578000 0x00003000 "\SystemRoot\system32\drivers\WmBEnum.sys"

.\debug.cpp(256) : 0xb6816000 0x0000c000 "\SystemRoot\system32\drivers\WmXlCore.sys"

.\debug.cpp(256) : 0xb861a000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"

.\debug.cpp(256) : 0xb8498000 0x00008000 "\SystemRoot\system32\DRIVERS\btport.sys"

.\debug.cpp(256) : 0xb8248000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"

.\debug.cpp(256) : 0xb799e000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"

.\debug.cpp(256) : 0xb8640000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"

.\debug.cpp(256) : 0xae6f3000 0x00051000 "\SystemRoot\system32\DRIVERS\klif.sys"

.\debug.cpp(256) : 0xb8668000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"

.\debug.cpp(256) : 0xaeb3e000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"

.\debug.cpp(256) : 0xb866a000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"

.\debug.cpp(256) : 0xb535e000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"

.\debug.cpp(256) : 0xb5356000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"

.\debug.cpp(256) : 0xb866c000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"

.\debug.cpp(256) : 0xb866e000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"

.\debug.cpp(256) : 0xb534e000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"

.\debug.cpp(256) : 0xb5346000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"

.\debug.cpp(256) : 0xb4946000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"

.\debug.cpp(256) : 0xade45000 0x00520000 "\??\C:\WINDOWS\system32\drivers\kl1.sys"

.\debug.cpp(256) : 0xadcdb000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"

.\debug.cpp(256) : 0xadae8000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"

.\debug.cpp(256) : 0xada98000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"

.\debug.cpp(256) : 0xada72000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"

.\debug.cpp(256) : 0xae3a5000 0x00003000 "\SystemRoot\System32\drivers\ws2ifsl.sys"

.\debug.cpp(256) : 0xada50000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"

.\debug.cpp(256) : 0xb49fa000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"

.\debug.cpp(256) : 0xaddae000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"

.\debug.cpp(256) : 0xadd9e000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"

.\debug.cpp(256) : 0xafcd0000 0x00005000 "\SystemRoot\System32\Drivers\x10ufx2.sys"

.\debug.cpp(256) : 0xad964000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"

.\debug.cpp(256) : 0xad8f4000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"

.\debug.cpp(256) : 0xaeab9000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"

.\debug.cpp(256) : 0xafcc8000 0x00007000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"

.\debug.cpp(256) : 0xaead9000 0x0000a000 "\SystemRoot\System32\Drivers\btwusb.sys"

.\debug.cpp(256) : 0xb5366000 0x00008000 "\SystemRoot\system32\DRIVERS\CSVirtualDiskDrv.sys"

.\debug.cpp(256) : 0xb85da000 0x00002000 "\SystemRoot\system32\drivers\AsIO.sys"

.\debug.cpp(256) : 0xb68be000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"

.\debug.cpp(256) : 0xadac4000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"

.\debug.cpp(256) : 0xb796e000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"

.\debug.cpp(256) : 0xab09a000 0x00081000 "\SystemRoot\system32\drivers\btaudio.sys"

.\debug.cpp(256) : 0xab076000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"

.\debug.cpp(256) : 0xb8278000 0x0000d000 "\SystemRoot\system32\DRIVERS\btwhid.sys"

.\debug.cpp(256) : 0xaade7000 0x0028f000 "\SystemRoot\system32\DRIVERS\LV302V32.SYS"

.\debug.cpp(256) : 0xb8648000 0x00002000 "\SystemRoot\system32\DRIVERS\lv302af.sys"

.\debug.cpp(256) : 0xb793e000 0x0000f000 "\SystemRoot\system32\drivers\usbaudio.sys"

.\debug.cpp(256) : 0xaada7000 0x00040000 "\SystemRoot\system32\DRIVERS\lvrs.sys"

.\debug.cpp(256) : 0xb798e000 0x0000a000 "\SystemRoot\system32\drivers\CA506AA.sys"

.\debug.cpp(256) : 0xb82a8000 0x0000d000 "\SystemRoot\system32\drivers\STREAM.SYS"

.\debug.cpp(256) : 0xaad7f000 0x00028000 "\SystemRoot\system32\DRIVERS\CA506AV.SYS"

.\debug.cpp(256) : 0xb5717000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"

.\debug.cpp(256) : 0xb4a0a000 0x00009000 "\SystemRoot\system32\DRIVERS\klmouflt.sys"

.\debug.cpp(256) : 0xb496a000 0x00004000 "\SystemRoot\system32\DRIVERS\usbscan.sys"

.\debug.cpp(256) : 0xafcc0000 0x00007000 "\SystemRoot\system32\DRIVERS\usbprint.sys"

.\debug.cpp(256) : 0xaddfd000 0x00006000 "\SystemRoot\system32\DRIVERS\HPZius12.sys"

.\debug.cpp(256) : 0xb82c8000 0x0000d000 "\SystemRoot\system32\DRIVERS\HPZid412.sys"

.\debug.cpp(256) : 0xb4936000 0x00004000 "\SystemRoot\system32\DRIVERS\HPZipr12.sys"

.\debug.cpp(256) : 0xb4932000 0x00004000 "\SystemRoot\System32\Drivers\dump_diskdump.sys"

.\debug.cpp(256) : 0xaad2c000 0x00025000 "\SystemRoot\System32\Drivers\dump_nvgts.sys"

.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"

.\debug.cpp(256) : 0xb492a000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"

.\debug.cpp(256) : 0xade1d000 0x00005000 "\SystemRoot\System32\watchdog.sys"

.\debug.cpp(256) : 0xbd000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"

.\debug.cpp(256) : 0xad8d1000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"

.\debug.cpp(256) : 0xbd012000 0x00603000 "\SystemRoot\System32\nv4_disp.dll"

.\debug.cpp(256) : 0xbd615000 0x00047000 "\SystemRoot\System32\ATMFD.DLL"

.\debug.cpp(256) : 0xaa21a000 0x00016000 "\SystemRoot\system32\DRIVERS\nwlnkipx.sys"

.\debug.cpp(256) : 0xad86c000 0x00010000 "\SystemRoot\system32\DRIVERS\nwlnknb.sys"

.\debug.cpp(256) : 0xad83c000 0x0000e000 "\SystemRoot\system32\DRIVERS\nwlnkspx.sys"

.\debug.cpp(256) : 0xaa085000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"

.\debug.cpp(256) : 0xb8773000 0x00001000 "\SystemRoot\System32\Drivers\cvintdrv.SYS"

.\debug.cpp(256) : 0xaa0c6000 0x00004000 "\SystemRoot\System32\Drivers\Aspi32.SYS"

.\debug.cpp(256) : 0xb82d8000 0x00009000 "\SystemRoot\system32\drivers\nibffrk.dll"

.\debug.cpp(256) : 0xb8460000 0x00006000 "\SystemRoot\system32\DRIVERS\nicanpkl.sys"

.\debug.cpp(256) : 0xa9f80000 0x0003d000 "\SystemRoot\system32\DRIVERS\nicanpk.dll"

.\debug.cpp(256) : 0xb8458000 0x00006000 "\??\C:\WINDOWS\system32\drivers\nimdbgkl.sys"

.\debug.cpp(256) : 0xa9c15000 0x00037000 "\??\C:\WINDOWS\system32\drivers\nimdbgk.dll"

.\debug.cpp(256) : 0xb82b8000 0x0000e000 "\??\C:\WINDOWS\system32\drivers\niorbk.dll"

.\debug.cpp(256) : 0xaea69000 0x0000b000 "\SystemRoot\system32\drivers\nimdsk.dll"

.\debug.cpp(256) : 0xb8470000 0x00006000 "\??\C:\WINDOWS\system32\drivers\nimxdfkl.sys"

.\debug.cpp(256) : 0xa9bd3000 0x00042000 "\??\C:\WINDOWS\system32\drivers\nimxdfk.dll"

.\debug.cpp(256) : 0xb8478000 0x00006000 "\??\C:\WINDOWS\system32\drivers\niorbkl.sys"

.\debug.cpp(256) : 0xb532e000 0x00006000 "\??\C:\WINDOWS\system32\drivers\nipxirmkl.sys"

.\debug.cpp(256) : 0xa9bb6000 0x0001d000 "\??\C:\WINDOWS\system32\drivers\nipxirmk.dll"

.\debug.cpp(256) : 0xa9b84000 0x00032000 "\??\C:\WINDOWS\system32\drivers\nidimk.dll"

.\debug.cpp(256) : 0xa9b64000 0x00020000 "\SystemRoot\system32\drivers\nistck.dll"

.\debug.cpp(256) : 0xadd7e000 0x0000a000 "\SystemRoot\system32\drivers\nistreamkl.sys"

.\debug.cpp(256) : 0xb82f8000 0x0000f000 "\SystemRoot\system32\drivers\nistreamk.sys"

.\debug.cpp(256) : 0xb8490000 0x00006000 "\SystemRoot\System32\drivers\NiViPxiKl.sys"

.\debug.cpp(256) : 0xb8218000 0x0000d000 "\SystemRoot\System32\drivers\NiViPxiK.sys"

.\debug.cpp(256) : 0xb49ba000 0x0000f000 "\SystemRoot\system32\drivers\npf.sys"

.\debug.cpp(256) : 0xb8318000 0x0000a000 "\SystemRoot\system32\DRIVERS\secdrv.sys"

.\debug.cpp(256) : 0xa9a1c000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys"

.\debug.cpp(256) : 0xa9a0b000 0x00011000 "\SystemRoot\SYSTEM32\DRIVERS\Wibukey.sys"

.\debug.cpp(256) : 0xaa02d000 0x0000d000 "\SystemRoot\system32\drivers\niarbk.dll"

.\debug.cpp(256) : 0xa9961000 0x000aa000 "\SystemRoot\System32\Drivers\Nidaq32k.SYS"

.\debug.cpp(256) : 0xa9950000 0x00011000 "\SystemRoot\system32\drivers\nidmmk.dll"

.\debug.cpp(256) : 0xa954f000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"

.\debug.cpp(256) : 0xa93fa000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"

.\debug.cpp(256) : 0xa96b0000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"

.\debug.cpp(256) : 0xa935c000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"

.\debug.cpp(256) : 0xa803b000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"

.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"

.\debug.cpp(263) : **********************************************

.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********

.\debug.cpp(308) : **********************************************

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.4"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.4"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"

.\debug.cpp(400) : Destination "\Device\Video0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_005A&SUBSYS_815A1043&REV_A2#3&267a616a&0&58#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"

.\debug.cpp(400) : Destination "\Device\Scsi\nvgts2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"

.\debug.cpp(400) : Destination "\Device\Ndis"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{54C7D140-09EF-11D1-B25A-F5FE627ED95E}"

.\debug.cpp(400) : Destination "\Device\NPF_{54C7D140-09EF-11D1-B25A-F5FE627ED95E}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_NdisWanBh"

.\debug.cpp(400) : Destination "\Device\NPF_NdisWanBh"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kimul37"

.\debug.cpp(400) : Destination "\Device\kimul37"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPB006#4&f36d2e&0#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\000000b5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"

.\debug.cpp(400) : Destination "\Device\CdRom0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{667d7890-6a02-11dc-a291-806d6172696f}"

.\debug.cpp(400) : Destination "\Device\CdRom0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"

.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.5"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\0000006c"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\0000006f"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"

.\debug.cpp(400) : Destination "\Device\Video1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#8&1b6e420d&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+9"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_08d7&MI_00#6&150fa22a&2&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\000000e7"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0733&Pid_0430&Mi_00#6&1464e867&0&0#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\000000e9"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_4d11&MI_01#6&3bcef63&1&0001#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"

.\debug.cpp(400) : Destination "\Device\000000ef"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{8617F368-18F1-4C50-8AA9-97E13E318D49}"

.\debug.cpp(400) : Destination "\Device\NPF_{8617F368-18F1-4C50-8AA9-97E13E318D49}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\niarbk"

.\debug.cpp(400) : Destination "\Device\niarbk"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\KLBG"

.\debug.cpp(400) : Destination "\Device\KLBG"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0.exclusive"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0.exclusive"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.6"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.6"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"

.\debug.cpp(400) : Destination "\Device\Video2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2f2ef6ee&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination "\Device\USBPDO-1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{F4D64D3D-80E3-4349-A7CE-FD37FEE132F0}"

.\debug.cpp(400) : Destination "\Device\NPF_{F4D64D3D-80E3-4349-A7CE-FD37FEE132F0}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{a65dbcb4-0038-11dd-8cb3-806d6172696f}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{667d7893-6a02-11dc-a291-806d6172696f}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"

.\debug.cpp(400) : Destination "\Device\Ip"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATKACPI"

.\debug.cpp(400) : Destination "\Device\ATKACPI"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.7"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.7"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\0000006d"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000074"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"

.\debug.cpp(400) : Destination "\Device\Video3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{C9155D46-9CA6-4048-A272-017B41609183}"

.\debug.cpp(400) : Destination "\Device\NPF_{C9155D46-9CA6-4048-A272-017B41609183}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"

.\debug.cpp(400) : Destination "\Device\IPSEC"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0733&Pid_0430&Mi_01#6&1464e867&0&1#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\000000ea"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D43E37E4-2F91-406C-B032-243593BE0866}"

.\debug.cpp(400) : Destination "\Device\{D43E37E4-2F91-406C-B032-243593BE0866}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"

.\debug.cpp(400) : Destination "\Device\CdRom1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"

.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.8"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.8"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D005F9DC-B89E-4908-AEDF-10357E201367}.tap"

.\debug.cpp(400) : Destination "\Device\{D005F9DC-B89E-4908-AEDF-10357E201367}.tap"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"

.\debug.cpp(400) : Destination "\Device\Video4"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{58AE086F-977C-4A6E-8CEA-315E0BC1AB48}"

.\debug.cpp(400) : Destination "\Device\NPF_{58AE086F-977C-4A6E-8CEA-315E0BC1AB48}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"

.\debug.cpp(400) : Destination "\Device\NDProxy"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HIDAVCONTROL#2&1d473603&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination "\Device\000000f2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.9"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.9"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"

.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MODEM#0000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"

.\debug.cpp(400) : Destination "\Device\0000006a"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0005#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000076"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"

.\debug.cpp(400) : Destination "\Device\Video5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.init"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.init"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_05fe&Pid_0011#6&132aaddb&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination "\Device\000000ed"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSONY_DVD_RW_DRU-830A____________________SS15____#5&d073337&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.10"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.10"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{117FD1B6-DC82-44E1-B1C5-DC29574046CB}"

.\debug.cpp(400) : Destination "\Device\{117FD1B6-DC82-44E1-B1C5-DC29574046CB}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DD645A06-7E18-4C5F-B118-E4AA6F331C07}"

.\debug.cpp(400) : Destination "\Device\{DD645A06-7E18-4C5F-B118-E4AA6F331C07}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{95C7A0A0-3094-11D7-A202-00508B9D7D5A}#BLUETOOTHPORT#1&30ee4ad&1&1000000000000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"

.\debug.cpp(400) : Destination "\Device\000000d4"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05e3&Pid_0606#5&269429fc&0&5#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination "\Device\USBPDO-2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\klick"

.\debug.cpp(400) : Destination "\Device\klick"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"

.\debug.cpp(400) : Destination "\Device\Serial0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"

.\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+9"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0abe0542-fb4a-11df-bf39-806d6172696f}"

.\debug.cpp(400) : Destination "\Device\CdRom1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"

.\debug.cpp(400) : Destination "\Device\WMIDataDevice"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.11"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.11"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#CANDEVICES#0001#{5d62296b-5c48-48f6-99e5-b5179b23ab6e}"

.\debug.cpp(400) : Destination "\Device\00000004"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F044B219-342F-49AD-BB16-2B41A7A9EB2C}"

.\debug.cpp(400) : Destination "\Device\{F044B219-342F-49AD-BB16-2B41A7A9EB2C}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5056D366-7746-4D7D-B7F2-7BF84B5C0452}"

.\debug.cpp(400) : Destination "\Device\{5056D366-7746-4D7D-B7F2-7BF84B5C0452}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CVINTDRV"

.\debug.cpp(400) : Destination "\Device\CVINTDRV"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{97D67FD7-5F4C-4C56-8EF4-C561B4716C54}"

.\debug.cpp(400) : Destination "\Device\NPF_{97D67FD7-5F4C-4C56-8EF4-C561B4716C54}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{61FA72F6-36BF-4662-8A40-C35EEB102C56}"

.\debug.cpp(400) : Destination "\Device\NPF_{61FA72F6-36BF-4662-8A40-C35EEB102C56}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0059&SUBSYS_812A1043&REV_A2#3&267a616a&0&68#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"

.\debug.cpp(400) : Destination "\Device\NamedPipe"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.12"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.12"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_43#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"

.\debug.cpp(400) : Destination "\Device\00000088"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0bc7&Pid_0002#6&15ce3704&0&1#{001000af-3def-aa00-10b6-dc5ba692c858}"

.\debug.cpp(400) : Destination "\Device\USBPDO-3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0733&Pid_0430&Mi_00#6&1464e867&0&0#{fb6c428a-0353-11d1-905f-0000c0cc16ba}"

.\debug.cpp(400) : Destination "\Device\000000e9"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Usbscan0"

.\debug.cpp(400) : Destination "\Device\Usbscan0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"

.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTKRNL"

.\debug.cpp(400) : Destination "\Device\BTKRNL"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASAPI"

.\debug.cpp(400) : Destination "\Device\ASAPI"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"

.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.13"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.13"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0400&SUBSYS_0438196E&REV_A1#4&19725220&0&00B8#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0029"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"

.\debug.cpp(400) : Destination "\Device\IPNAT"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_08d7&MI_00#6&150fa22a&2&0000#{fb6c428a-0353-11d1-905f-0000c0cc16ba}"

.\debug.cpp(400) : Destination "\Device\000000e7"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0733&Pid_0430&Mi_00#6&1464e867&0&0#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\000000e9"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"

.\debug.cpp(400) : Destination "\Device\PSched"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM4"

.\debug.cpp(400) : Destination "\Device\BtPort0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"

.\debug.cpp(400) : Destination "\Device\Mup"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTWUSB-0"

.\debug.cpp(400) : Destination "\Device\BTWUSB-0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.14"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.14"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F015E588-4AF0-4402-A80B-1AD7A48B4785}"

.\debug.cpp(400) : Destination "\Device\{F015E588-4AF0-4402-A80B-1AD7A48B4785}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0057&SUBSYS_81411043&REV_A3#3&267a616a&0&98#{c4f6eed3-1c5e-4f43-a768-83ecba42fcc1}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"

.\debug.cpp(400) : Destination "\Device\Tcp"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_WDC_WD25&Prod_00KS-00MJB0&Rev_02.0#4&1a6b8d13&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\Scsi\nvgts1Port2Path0Target0Lun0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{234AAD0A-8062-49B1-86B6-483C51D2FAF8}"

.\debug.cpp(400) : Destination "\Device\NPF_{234AAD0A-8062-49B1-86B6-483C51D2FAF8}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{E6786A5E-C9CA-4314-A3B1-370E151EC4AD}"

.\debug.cpp(400) : Destination "\Device\NPF_{E6786A5E-C9CA-4314-A3B1-370E151EC4AD}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{66A9F28C-BC6F-47B8-A89C-260D53643093}"

.\debug.cpp(400) : Destination "\Device\NPF_{66A9F28C-BC6F-47B8-A89C-260D53643093}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0BEAAC95-39D3-4AB8-B200-9716D51D7595}"

.\debug.cpp(400) : Destination "\Device\{0BEAAC95-39D3-4AB8-B200-9716D51D7595}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"

.\debug.cpp(400) : Destination "\Device\USBFDO-0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NIStreamControl"

.\debug.cpp(400) : Destination "\Device\NIStreamControl"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"

.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Kl1"

.\debug.cpp(400) : Destination "\Device\Kl1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.15"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.15"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPX"

.\debug.cpp(400) : Destination "\Device\NdisWanIpx"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000079"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"

.\debug.cpp(400) : Destination "\Device\USBFDO-1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"

.\debug.cpp(400) : Destination "\Device\VideoPdo0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{0BEAAC95-39D3-4AB8-B200-9716D51D7595}"

.\debug.cpp(400) : Destination "\Device\NPF_{0BEAAC95-39D3-4AB8-B200-9716D51D7595}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{664CB304-2985-4EEE-9F87-B537F61D5443}"

.\debug.cpp(400) : Destination "\Device\NPF_{664CB304-2985-4EEE-9F87-B537F61D5443}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NiDAQ32k.Drv"

.\debug.cpp(400) : Destination "\Device\NiDAQ32k.Drv"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{b0979085-9c04-11de-a027-0015f2caf197}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"

.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0400&SUBSYS_0438196E&REV_A1#4&a70d623&0&0020#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0031"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"

.\debug.cpp(400) : Destination "\DosDevices\LPT1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{DD645A06-7E18-4C5F-B118-E4AA6F331C07}"

.\debug.cpp(400) : Destination "\Device\NPF_{DD645A06-7E18-4C5F-B118-E4AA6F331C07}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0059&SUBSYS_812A1043&REV_A2#3&267a616a&0&68#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"

.\debug.cpp(400) : Destination "\Device\CdRom0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000071"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000073"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"

.\debug.cpp(400) : Destination "\Device\FsWrap"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_08d7#5&2cc2a6de&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination "\Device\USBPDO-7"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{986ADE0E-8480-495C-9416-A61E1AB70B0F}"

.\debug.cpp(400) : Destination "\Device\NPF_{986ADE0E-8480-495C-9416-A61E1AB70B0F}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{1EE438E0-DBE0-43C0-A5A9-695C69119360}"

.\debug.cpp(400) : Destination "\Device\NPF_{1EE438E0-DBE0-43C0-A5A9-695C69119360}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"

.\debug.cpp(400) : Destination "\Device\sysaudio"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"

.\debug.cpp(400) : Destination "\Device\Harddisk1\DR1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"

.\debug.cpp(400) : Destination "\Device\CdRom1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{664CB304-2985-4EEE-9F87-B537F61D5443}"

.\debug.cpp(400) : Destination "\Device\{664CB304-2985-4EEE-9F87-B537F61D5443}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbMmDp32"

.\debug.cpp(400) : Destination "\Device\MbMmDp32"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{84502810-C083-4087-A232-993F842AAC9F}"

.\debug.cpp(400) : Destination "\Device\NPF_{84502810-C083-4087-A232-993F842AAC9F}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPB006#4&f36d2e&0#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\000000b5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0733&Pid_0430&Mi_01#6&1464e867&0&1#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\000000ea"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"

.\debug.cpp(400) : Destination "\Device\Harddisk2\DR2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"

.\debug.cpp(400) : Destination "\Device\0000008b"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"

.\debug.cpp(400) : Destination "\Device\0000008c"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAKS-00L9A&Rev_01.0#4&ba52cf&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\Scsi\nvgts2Port3Path0Target0Lun0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0059&SUBSYS_812A1043&REV_A2#3&267a616a&0&68#{dda54a40-1e4c-11d1-a050-405705c10000}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"

.\debug.cpp(400) : Destination "\GLOBAL??"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive3"

.\debug.cpp(400) : Destination "\Device\Harddisk3\DR8"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I:"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"

.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"

.\debug.cpp(400) : Destination "\Device\000000ba"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DOT4#Vid_03f0&Pid_4d11&MI_02&DOT4&PRINT_HPZ#8&1e7414e2&0&0#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"

.\debug.cpp(400) : Destination "\Device\HPZID412PRINT_HPZ1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature2D502D4Offset7E00Length270FEE5C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"

.\debug.cpp(400) : Destination "\Device\Secdrv"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"

.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.10"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.10"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#KL_KLIM5MP#0007#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\0000000e"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\0000007a"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0733&Pid_0430#5&2cc2a6de&0&3#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination "\Device\USBPDO-8"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_08d7&MI_00#6&150fa22a&2&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\000000e7"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nibffrk"

.\debug.cpp(400) : Destination "\Device\nibffrk"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{1667EE03-9A97-478C-A62D-72E54B8CA97C}"

.\debug.cpp(400) : Destination "\Device\NPF_{1667EE03-9A97-478C-A62D-72E54B8CA97C}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_08d7&MI_01#6&150fa22a&2&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\000000e8"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NIPALK"

.\debug.cpp(400) : Destination "\Device\NIPALK"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature6FD88D91Offset3A380DFE00Length3A388A8400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.1"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.11"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.11"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\klim5"

.\debug.cpp(400) : Destination "\Device\klim5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"

.\debug.cpp(400) : Destination "\Device\ARP1394"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0bc7&Pid_0002#6&15ce3704&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination "\Device\USBPDO-3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{4C72476E-6EC5-4CB8-B079-5612E5823EA7}"

.\debug.cpp(400) : Destination "\Device\NPF_{4C72476E-6EC5-4CB8-B079-5612E5823EA7}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{4C54DAF8-666A-40BE-B59E-FA0B4B2B5819}"

.\debug.cpp(400) : Destination "\Device\NPF_{4C54DAF8-666A-40BE-B59E-FA0B4B2B5819}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0059&SUBSYS_812A1043&REV_A2#3&267a616a&0&68#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Klop"

.\debug.cpp(400) : Destination "\Device\Klop"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.2"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.12"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.12"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"

.\debug.cpp(400) : Destination "\Device\000000ba"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{D43E37E4-2F91-406C-B032-243593BE0866}"

.\debug.cpp(400) : Destination "\Device\NPF_{D43E37E4-2F91-406C-B032-243593BE0866}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSONY_DVD_RW_DRU-830A____________________SS15____#5&d073337&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"

.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.3"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.13"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.13"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#KL_KLIM5MP#0009#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000010"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_PIONEER&Prod_DVD-RW__DVR-212D&Rev_1.21#4&ba52cf&0&110#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\Scsi\nvgts2Port3Path1Target1Lun0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nistck"

.\debug.cpp(400) : Destination "\Device\nistck"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nipbcfControl"

.\debug.cpp(400) : Destination "\Device\nipbcfControl"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"

.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"

.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.4"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.4"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.14"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.14"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1667EE03-9A97-478C-A62D-72E54B8CA97C}"

.\debug.cpp(400) : Destination "\Device\{1667EE03-9A97-478C-A62D-72E54B8CA97C}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\0000006b"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPX#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\0000006e"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0003#{a530a220-8e1d-11d3-87a1-00104be390af}"

.\debug.cpp(400) : Destination "\Device\00000080"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&16a89ebb&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination "\Device\USBPDO-0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSONY_DVD_RW_DRU-830A____________________SS15____#5&d073337&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{D478C953-BE88-47B5-A76B-0110B47E5414}"

.\debug.cpp(400) : Destination "\Device\NPF_{D478C953-BE88-47B5-A76B-0110B47E5414}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{D3535E42-5004-4F43-A131-F762225E4F2D}"

.\debug.cpp(400) : Destination "\Device\NPF_{D3535E42-5004-4F43-A131-F762225E4F2D}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_4d11&MI_00#6&3bcef63&1&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"

.\debug.cpp(400) : Destination "\Device\000000ee"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"

.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"

.\debug.cpp(400) : Destination "\Device\MountPointManager"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\00000006"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.5"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.15"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.15"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&f36d2e&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination "\Device\000000b9"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{9D25A47B-CBE4-4B44-8F03-EA7346BFFD72}"

.\debug.cpp(400) : Destination "\Device\NPF_{9D25A47B-CBE4-4B44-8F03-EA7346BFFD72}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"

.\debug.cpp(400) : Destination "\Device\WANARP"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"

.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.6"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.6"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4362&SUBSYS_81421043&REV_15#4&23e04d34&0&0018#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0030"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0003#{be472025-8177-11d3-87a1-00104be390af}"

.\debug.cpp(400) : Destination "\Device\00000080"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0781&Pid_a3a4#13000#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination "\Device\USBPDO-4"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_08d7&MI_01#6&150fa22a&2&0001#{01083072-dbf5-4edc-8ef6-9bfe8f1091e1}"

.\debug.cpp(400) : Destination "\Device\000000e8"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{27AC3DA0-DF64-4BAC-8E9E-B49AEBB0BA7C}"

.\debug.cpp(400) : Destination "\Device\NPF_{27AC3DA0-DF64-4BAC-8E9E-B49AEBB0BA7C}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nidmmk"

.\debug.cpp(400) : Destination "\Device\nidmmk"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\klark_2712100"

.\debug.cpp(400) : Destination "\Device\klark_2712100"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0054&SUBSYS_815A1043&REV_F3#3&267a616a&0&80#{2accfe60-c130-11d2-b082-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\00000005"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.7"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.7"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"

.\debug.cpp(400) : Destination "\Device\NdisWanIp"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\KLIF"

.\debug.cpp(400) : Destination "\FileSystem\Filters\KLIF"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{F044B219-342F-49AD-BB16-2B41A7A9EB2C}"

.\debug.cpp(400) : Destination "\Device\NPF_{F044B219-342F-49AD-BB16-2B41A7A9EB2C}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{87CD7262-1F0C-405B-8096-03B1B1FB69AE}"

.\debug.cpp(400) : Destination "\Device\NPF_{87CD7262-1F0C-405B-8096-03B1B1FB69AE}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0055&SUBSYS_815A1043&REV_F3#3&267a616a&0&88#{2accfe60-c130-11d2-b082-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.8"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.8"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"

.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{D005F9DC-B89E-4908-AEDF-10357E201367}"

.\debug.cpp(400) : Destination "\Device\NPF_{D005F9DC-B89E-4908-AEDF-10357E201367}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPB006#4&f36d2e&0#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\000000b5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"

.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"

.\debug.cpp(400) : Destination "\Device\1394BUS0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.9"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.9"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\V1394#NIC1394#937f4011d800#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\000000be"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{986ADE0E-8480-495C-9416-A61E1AB70B0F}"

.\debug.cpp(400) : Destination "\Device\{986ADE0E-8480-495C-9416-A61E1AB70B0F}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#KL_KLIM5MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000008"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{53D759F6-4046-42A6-98E3-BBFF2C3A016D}"

.\debug.cpp(400) : Destination "\Device\NPF_{53D759F6-4046-42A6-98E3-BBFF2C3A016D}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\klnkd_040303"

.\debug.cpp(400) : Destination "\Device\klnkd_040303"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0.srv"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0.srv"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"

.\debug.cpp(400) : Destination "\Device\ParTechInc0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000070"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CSVirtualDiskDrv"

.\debug.cpp(400) : Destination "\Device\CSVirtualDiskDrv"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"

.\debug.cpp(400) : Destination "\Device\DmLoader"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"

.\debug.cpp(400) : Destination "\Device\ParTechInc1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_43#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"

.\debug.cpp(400) : Destination "\Device\00000089"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"

.\debug.cpp(400) : Destination "\Device\NdisWanBh"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D3535E42-5004-4F43-A131-F762225E4F2D}"

.\debug.cpp(400) : Destination "\Device\{D3535E42-5004-4F43-A131-F762225E4F2D}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#KL_KLIM5MP#0008#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\0000000f"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"

.\debug.cpp(400) : Destination "\Device\IPMULTICAST"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"

.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_WDC_WD50&Prod_00AACS-00ZUB&Rev_01.0#4&1a6b8d13&0&110#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\Scsi\nvgts1Port2Path1Target1Lun0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"

.\debug.cpp(400) : Destination "\Device\AscKmd"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"

.\debug.cpp(400) : Destination "\Device\NdisWan"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"

.\debug.cpp(400) : Destination "\Device\NdisTapi"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_08d7&MI_01#6&150fa22a&2&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\000000e8"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature6FD88D91Offset7E00Length3A380D0200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"

.\debug.cpp(400) : Destination "\Device\ParTechInc2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_PIONEER&Prod_DVD-RW__DVR-212D&Rev_1.21#4&ba52cf&0&110#{1186654d-47b8-48b9-beb9-7df113ae3c67}"

.\debug.cpp(400) : Destination "\Device\Scsi\nvgts2Port3Path1Target1Lun0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C9155D46-9CA6-4048-A272-017B41609183}"

.\debug.cpp(400) : Destination "\Device\{C9155D46-9CA6-4048-A272-017B41609183}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WibuKey"

.\debug.cpp(400) : Destination "\Device\WibuKey"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"

.\debug.cpp(400) : Destination "\Device\LanmanRedirector"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"

.\debug.cpp(400) : Destination "\Device\FtControl"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"

.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{48E297D1-4945-442F-AD21-AFB6BCB53E5E}"

.\debug.cpp(400) : Destination "\Device\{48E297D1-4945-442F-AD21-AFB6BCB53E5E}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05fe&Pid_0011#5&2cc2a6de&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination "\Device\USBPDO-9"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_NdisWanIp"

.\debug.cpp(400) : Destination "\Device\NPF_NdisWanIp"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{48E297D1-4945-442F-AD21-AFB6BCB53E5E}"

.\debug.cpp(400) : Destination "\Device\NPF_{48E297D1-4945-442F-AD21-AFB6BCB53E5E}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0.info"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0.info"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#KL_KLIM5MP#0006#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\0000000d"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8617F368-18F1-4C50-8AA9-97E13E318D49}"

.\debug.cpp(400) : Destination "\Device\{8617F368-18F1-4C50-8AA9-97E13E318D49}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UNKNOWN#0000#{53172480-4791-11d0-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination "\Device\00000081"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0a5c&Pid_2101#6&15ce3704&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination "\Device\USBPDO-5"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"

.\debug.cpp(400) : Destination "\DosDevices\COM1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"

.\debug.cpp(400) : Destination "\Device\MailSlot"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nimdsk"

.\debug.cpp(400) : Destination "\Device\nimdsk"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{F015E588-4AF0-4402-A80B-1AD7A48B4785}"

.\debug.cpp(400) : Destination "\Device\NPF_{F015E588-4AF0-4402-A80B-1AD7A48B4785}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_NdisWanIpx"

.\debug.cpp(400) : Destination "\Device\NPF_NdisWanIpx"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.1"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Standard Modem"

.\debug.cpp(400) : Destination "\Device\0000006a"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_005B&SUBSYS_815A1043&REV_A4#3&267a616a&0&59#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"

.\debug.cpp(400) : Destination "\Device\Null"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"

.\debug.cpp(400) : Destination "\Device\Scsi\nvgts1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination "\Device\0000007d"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{117FD1B6-DC82-44E1-B1C5-DC29574046CB}"

.\debug.cpp(400) : Destination "\Device\NPF_{117FD1B6-DC82-44E1-B1C5-DC29574046CB}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"

.\debug.cpp(400) : Destination ""

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\klin"

.\debug.cpp(400) : Destination "\Device\klin"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#8&1b6e420d&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+9"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.2"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{53D759F6-4046-42A6-98E3-BBFF2C3A016D}"

.\debug.cpp(400) : Destination "\Device\{53D759F6-4046-42A6-98E3-BBFF2C3A016D}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Asusgio"

.\debug.cpp(400) : Destination "\Device\Asusgio"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination "\Device\0000007c"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_STORAGE_DEVICE&Rev_9228#13000&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\000000db"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D005F9DC-B89E-4908-AEDF-10357E201367}"

.\debug.cpp(400) : Destination "\Device\{D005F9DC-B89E-4908-AEDF-10357E201367}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CSCrySec"

.\debug.cpp(400) : Destination "\Device\CSCrySec"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_PIONEER&Prod_DVD-RW__DVR-212D&Rev_1.21#4&ba52cf&0&110#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\Scsi\nvgts2Port3Path1Target1Lun0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_8023&SUBSYS_808B1043&REV_00#4&2411f011&0&5890#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0028"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"

.\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0a.init"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0a.init"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kcanv0b.3"

.\debug.cpp(400) : Destination "\Device\vcanx_devkcanv_dev0b.3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_4d11#CN58U2308204GM#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination "\Device\USBPDO-10"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_05fe&Pid_0011#6&132aaddb&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination "\Device\000000ed"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{5056D366-7746-4D7D-B7F2-7BF84B5C0452}"

.\debug.cpp(400) : Destination "\Device\NPF_{5056D366-7746-4D7D-B7F2-7BF84B5C0452}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5dad7a82-6aeb-11dc-9351-0015f2caf197}"

.\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+9"

.\debug.cpp(409) : --

.\debug.cpp(453) : **********************************************

.\boot_cleaner.cpp(565) : System volume is \\.\C:

.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

.\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 1

.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

.\boot_cleaner.cpp(1060) :

.\boot_cleaner.cpp(1061) : Size Device Name MBR Status

.\boot_cleaner.cpp(1062) : --------------------------------------------

.\boot_cleaner.cpp(1106) : 232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

.\boot_cleaner.cpp(1112) :

.\boot_cleaner.cpp(1151) : Done;

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Re-run MBRCheck.

Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Please push the 'Y' key and then press Enter

When program ask you Enter your choice: enter

[1] Dump the MBR of a physical disk to file.

and press the Enter key

Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"

Enter 0 and press the Enter key.

The program will show Available MBR codes:, followed by a list of operating systems. Please enter

[ 0] Default (Windows XP)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7 and then press Enter.

The program will ask for the file name to dump to, type dump.dat and Press Enter. You should see Dumped successfully.

Next, type -1 and press Enter. Next press Enter again, and the program will exit.

Save it to your desktop then attach the resultant output in your next reply

Link to post
Share on other sites
BillinDetroit

BillinDetroit

Posted
  • Author
Posted

OK, I ran MBRCheck on Drive0 and would have attached the file as dump.dat per your instructions, but I received the notice "Error You aren't permitted to upload this kind of file". :)

I changed the file type to .txt and uploaded it OK.

BTW, I did not see the second menu while running the program.

I also ran the program on physicaldrive1 and have attached the dump1.dat file for it (renamed dump1.txt).

Let me know what to do next.

Thanks again. :)

dump1.txt

dump.txt

Link to post
Share on other sites
BillinDetroit

BillinDetroit

Posted
  • Author
Posted

Yes. Actually my system consists of a cable modem, then a Vonage VOIP modem with single port router, then my Linksys WRT54G 4 port router and the rest goes through switches and cables to my PCs. The Vonage and Linksys routers are both password protected. What do you have in mind? ;)

Link to post
Share on other sites
BillinDetroit

BillinDetroit

Posted
  • Author
Posted

No change: lsass.exe, services.exe, & svchost.exe are continuously opening and closing files for no apparent reason. :welcome:

The confluence of that activity and the many trojans and other malware I have found on this machine over the past two full months (when my machine has been clean by most standards for years) still makes me believe there is an as yet unidentified rootkit active here. ;)

I suppose I could give up, buy a new motherboard, processor, and RAM, and a new hard drive and reinstall all of my software. I hope that's not the only option but as this process drags on I am thinking I may have been better off if I had started that path a month ago instead of this one (trying to clean it). The only reason I continue down this path is that since I don't know how this (whatever it is) got on my machine there is no certainty that a new machine won't get compromised in the same way by who or whatever put it here. I don't have time for that and that to me is unacceptable. Therefore, I need to find out how to identify it (with your continuing help, which I am grateful for) and how to kill it. Let me know what you recommend I try next. :)

Link to post
Share on other sites
BillinDetroit

BillinDetroit

Posted
  • Author
Posted

OK, updated MalwareByes and did quick scan, followed by dds.scr. Here are the logs:

MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5984

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

3/7/2011 7:08:48 PM

mbam-log-2011-03-07 (19-08-48).txt

Scan type: Quick scan

Objects scanned: 217920

Time elapsed: 11 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by William Osipoff at 19:23:25.12 on Mon 03/07/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1404 [GMT -5:00]

.

AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky PURE *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Kvaser\Drivers\kvenumsrv.exe

C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\National Instruments\MAX\nimxs.exe

C:\WINDOWS\system32\nipalsm.exe

C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe

C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe

C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe

C:\WINDOWS\system32\nipalsm.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe

C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe

C:\WINDOWS\system32\nipxism.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\Explorer.EXE

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\William Osipoff\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky pure\ievkbd.dll

BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ws_ftp pro\wsbho2k0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [NIRegistrationWizard] c:\program files\national instruments\shared\registrationwizard\bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure\avp.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [soundMan] SOUNDMAN.EXE

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg

mRun: [openvpn-gui] c:\program files\openvpn\bin\openvpn-gui.exe

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [niDevMon] c:\program files\national instruments\ni-daq\hwconfig\nidevmon.exe

mRun: [NI Background Service] c:\program files\national instruments\shared\update service\niupdate.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [Launch PC Probe II] "c:\program files\asus\pc probe ii\Probe2.exe" 1

mRun: [Launch Ai Booster] "c:\program files\asus\ai booster\OverClk.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\willia~1\startm~1\programs\startup\x10com~1.lnk - c:\program files\home control\X10BURST.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll

Trusted Zone: nvidia.com\www

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190709753484

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -

WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -

WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -

WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -

WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -

WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -

WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\willia~1\applic~1\mozilla\firefox\profiles\raabsthh.bill\

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPLV80Win32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPLV82Win32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nplv85win32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nplv86win32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nplv90win32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPOFFICE.DLL

FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll

FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\opera\program\plugins\nprjplug.dll

FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 4.0 beta 8\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2011-2-19 88632]

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2010-3-24 15448]

R0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\system32\drivers\nipxibaf.sys [2010-6-21 58504]

R0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\system32\drivers\nipxibrc.sys [2010-6-21 42136]

R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2011-2-19 39352]

R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-2-19 315408]

R1 spusbaudio;USB Microphone;c:\windows\system32\drivers\CA506AA.sys [2008-8-26 39824]

R2 CSObjectsSrv;CryptoStorage control service;c:\program files\common files\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]

R2 KvEnumSrv;Kvaser Network Enumerator Service;c:\program files\kvaser\drivers\KvEnumSrv.exe [2009-10-21 72208]

R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [2010-3-24 12696]

R2 NIApplicationWebServer;NI Application Web Server;c:\program files\national instruments\shared\ni webserver\ApplicationWebServer.exe [2010-6-22 47776]

R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2007-4-16 37376]

R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2007-4-16 21504]

R2 nicanpk;nicanpk;c:\windows\system32\drivers\nicanpkl.sys [2010-6-11 11408]

R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [2007-4-16 674304]

R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2010-3-24 12696]

R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2007-4-16 50688]

R2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files\ivi foundation\visa\winnt\nivisa\niLxiDiscovery.exe [2010-6-23 131776]

R2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\national instruments\shared\mdns responder\nimdnsResponder.exe [2010-6-23 193712]

R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2007-4-16 30208]

R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2010-6-14 11416]

R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [2007-4-16 111616]

R2 nistreamk;nistreamk;c:\windows\system32\drivers\nistreamkl.sys [2010-6-17 19608]

R2 nitsuu;nitsuu;c:\windows\system32\nipalsm.exe [2010-3-24 12696]

R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2010-6-23 11432]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

R3 kcanv;Kvaser Virtual CAN Driver;c:\windows\system32\drivers\kcanv.sys [2009-10-21 52016]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]

R3 kvnetenum;Kvaser Network Enumerator;c:\windows\system32\drivers\kvnetenum.sys [2009-10-21 26672]

R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-6-11 11432]

R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2009-8-24 11360]

R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2010-2-1 11872]

R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2010-6-15 11408]

R3 SPCA506AV;X10 VA11A Video Capture;c:\windows\system32\drivers\CA506AV.SYS [2008-8-26 162096]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\willia~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\willia~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\willia~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\willia~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]

S2 AVP;Kaspersky PURE;c:\program files\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 ISWKL;ZoneAlarm ForceField ISWKL;\??\c:\program files\checkpoint\zaforcefield\iswkl.sys --> c:\program files\checkpoint\zaforcefield\ISWKL.sys [?]

S3 cmuda2;Audio Advantage Micro Interface;c:\windows\system32\drivers\cmuda2.sys [2010-11-21 705536]

S3 flash;flash;\??\c:\documents and settings\william osipoff\my documents\download\pc repairs\serenity\bios_v1.10_dos_winx86x64\x86\flash.sys --> c:\documents and settings\william osipoff\my documents\download\pc repairs\serenity\bios_v1.10_dos_winx86x64\x86\flash.sys [?]

S3 icsak;icsak;\??\c:\program files\checkpoint\zaforcefield\ak\icsak.sys --> c:\program files\checkpoint\zaforcefield\ak\icsak.sys [?]

S3 kcanl;Kvaser Leaf Family Driver;c:\windows\system32\drivers\kcanl.sys [2009-10-21 109136]

S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-5 20104]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?]

S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2010-6-21 26192]

S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2010-6-21 11344]

S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2010-6-21 22608]

S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2009-12-15 17480]

S3 nicanpkw;NI-CAN Driver;c:\windows\system32\drivers\nicanpkw.sys [2009-9-11 11336]

S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2009-7-17 11352]

S3 nicmrk;nicmrk;c:\windows\system32\drivers\nicmrkl.sys [2010-6-15 11440]

S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2010-6-15 11408]

S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2010-2-25 11336]

S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2010-2-6 11344]

S3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2009-5-27 11360]

S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2010-6-15 11408]

S3 niemrkw;niemrkw;c:\windows\system32\drivers\niemrkw.sys --> c:\windows\system32\drivers\niemrkw.sys [?]

S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2010-6-15 11408]

S3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2009-6-17 11640]

S3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [2009-4-8 11352]

S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2010-2-2 11904]

S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2009-7-23 14464]

S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2009-7-23 151683]

S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2010-2-1 11880]

S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2010-2-5 11360]

S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2010-6-2 11968]

S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2010-6-2 11968]

S3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [2009-6-11 11392]

S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2010-6-14 21144]

S3 niraptrk;niraptrk;c:\windows\system32\drivers\niraptrkl.sys [2010-6-15 11400]

S3 nirfsa2k;nirfsa2k;c:\windows\system32\drivers\niRFSA2kl.sys [2009-6-1 11328]

S3 niRFSGk;niRFSGk;c:\windows\system32\drivers\niRFSGkl.sys [2009-4-27 11328]

S3 NiRioRpc;National Instruments RIO Server;c:\windows\system32\NiRioRpc.exe [2010-6-26 31880]

S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2009-7-14 11376]

S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2010-2-10 11352]

S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2010-2-5 11344]

S3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [2009-6-18 11344]

S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2009-7-14 11376]

S3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [2009-6-26 11352]

S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2010-6-15 11408]

S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-1-5 11312]

S3 nistc3rk;nistc3rk;c:\windows\system32\drivers\nistc3rkl.sys [2010-5-3 11400]

S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-8-31 11360]

S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2009-9-1 11336]

S3 niSynck;niSynck;c:\windows\system32\drivers\niSynckl.sys [2010-6-22 11408]

S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2010-2-6 11360]

S3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2009-4-10 11328]

S3 nitsuk;nitsuk;c:\windows\system32\drivers\nitsukl.sys [2010-5-5 11424]

S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2010-6-15 11432]

S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2010-6-23 11432]

S3 niwdk;niwdk;c:\windows\system32\drivers\niwdk.sys [2009-8-14 28256]

S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2010-6-15 11408]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 332928]

S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]

S3 usb6xxxkw;usb6xxxkw;c:\windows\system32\drivers\usb6xxxkw.sys --> c:\windows\system32\drivers\usb6xxxkw.sys [?]

S3 uti2njex;AVZ Kernel Driver;\??\c:\windows\system32\drivers\uti2njex.sys --> c:\windows\system32\drivers\uti2njex.sys [?]

S3 VPCASp50;VPCASp50 NDIS Protocol Driver;c:\windows\system32\drivers\VPCASp50.sys [2010-3-8 27072]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2010-11-21 7040]

S4 gupdate1c98f9c655555b2;Google Update Service (gupdate1c98f9c655555b2);c:\program files\google\update\GoogleUpdate.exe [2009-2-15 133104]

.

=============== Created Last 30 ================

.

2011-03-05 23:05:32 162392 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

2011-02-27 19:01:18 -------- d-----w- C:\BEARS

2011-02-27 18:58:34 -------- d-----w- c:\program files\BEARS BIA Tool

2011-02-20 00:03:21 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2011-02-20 00:03:21 114243 ----a-w- c:\windows\system32\drivers\klin.dat

2011-02-20 00:02:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys

2011-02-20 00:02:43 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys

2011-02-20 00:01:41 -------- d-----w- c:\program files\common files\InfoWatch

2011-02-20 00:01:38 -------- d-----w- c:\program files\Kaspersky Lab

2011-02-20 00:01:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab

2011-02-20 00:00:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files

2011-02-19 01:16:35 -------- d-----w- C:\_OTL

2011-02-13 16:52:47 -------- d-----w- c:\windows\Internet Logs

2011-02-12 23:45:35 -------- d-----w- c:\program files\ESET

2011-02-10 00:13:53 -------- d-----w- C:\Combo-Fix

.

==================== Find3M ====================

.

2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-03 00:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2011-01-06 23:50:01 102400 ----a-w- c:\windows\RegBootClean.exe

2011-01-02 20:00:00 60416 ----a-w- c:\windows\ALCFDRTM.VER

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

============= FINISH: 19:24:45.28 ===============

Please let me know what to do next. :)

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

We Need to check for Rootkits with RootRepeal

  1. Download RootRepeal from the following location and save it to your desktop.

[*]Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)

[*]Rar Mirrors - Only if you know what a RAR is and can extract it.

[*]Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).

[*]Open rootRepealDesktopIcon.png on your desktop.

[*]Click the reportTab.png tab.

[*]Click the btnScan.png button.

[*]Check all seven boxes: checkBoxes2.png

[*]Push Ok

[*]Check the box for your main system drive (Usually C:), and press Ok.

[*]Allow RootRepeal to run a scan of your system. This may take some time.

[*]Once the scan completes, push the saveReport.png button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Link to post
Share on other sites
BillinDetroit

BillinDetroit

Posted
  • Author
Posted

RootRepeal continues running (I say running because the hard drive light is ON almost continuously, I can see that the folder being scanned has changed since last night, and if I were to put a stethoscope on the drive I can hear it is active). I am hesitant to do any more intrusive observations as I don't want to prevent it from completing this already lengthy process if it will end and provide us some useful information - but I am beginning to have my doubts as this has happened before where RootRepeal did not finish its run.

I can let it run for now - I will check it this afternoon or early evening. :(

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.