also @ TechSpot: Google, Samsung unveil Chromebook, Chromebox with Chrome OS 19

TechSpot

TechSpot News Products Downloads Forums

Collaborate in the cloud with Office, Exchange, SharePoint, and Lync.
Microsoft Office 365. Pay-as-you-go starting at $8/user/month. Begin your free trial now.

[Inactive] Can't get rid of Google redirect virus

Discussion in 'Virus and Malware Removal' started by abcdmm, Jan 19, 2011.

Thread Status:: Not open for further replies.

Page 1 of 2

abcdmm Newcomer, in training

I have had a Google redirect virus for a few months now. In addition, sometimes a virus prompt comes up saying I need to purchase some strange software.

I've downloaded Malwarebytes and Microsoft Security and they don't catch anything.

I'm not sure how to post a log like I see on some of these forums - I'm definitely a beginner!

If anyone could help and start with the very basics that would help.

Thanks!

abcdmm, Jan 19, 2011

#1
Bobbye Helper on the Fringe

Welcome to TechSpot! I'll be glad to help you, but I need to get some information first.

We ask that the logs be pasted into your next reply. Instructions are with the programs. For logs that are copied, you will open Notepad> click on Format> uncheck Word Wrap> and copy the log to that. Then paste in your next reply- you can use more than one reply if needed, but keep everything in this thread.

Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Bobbye, Jan 20, 2011

#2
abcdmm Newcomer, in training

Malwarebytes Log

Here is the Malwarebytes log. Moving on to the next steps...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5565

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/21/2011 9:31:05 AM
mbam-log-2011-01-21 (09-31-05).txt

Scan type: Quick scan
Objects scanned: 141535
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

abcdmm, Jan 21, 2011

#3
abcdmm Newcomer, in training

gmer log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-21 10:18:13
Windows 5.1.2600 Service Pack 3
Running: b9gzczfn.exe; Driver: C:\DOCUME~1\Miller\LOCALS~1\Temp\uxtdapow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF622A360, 0x225D9D, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

abcdmm, Jan 21, 2011

#4
abcdmm Newcomer, in training

DDS log

DDS (Ver_10-12-12.02) - NTFSx86
Run by Miller at 10:25:34.34 on Fri 01/21/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1493 [GMT -6:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
svchost.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Miller\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [Google Update] "c:\documents and settings\miller\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1291874137734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 MpKsl2316c12e;MpKsl2316c12e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a240060a-1294-4eed-a58a-0f7a67a7ee80}\mpksl2316c12e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a240060a-1294-4eed-a58a-0f7a67a7ee80}\MpKsl2316c12e.sys [?]
R1 MpKsl6425ccf1;MpKsl6425ccf1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a240060a-1294-4eed-a58a-0f7a67a7ee80}\mpksl6425ccf1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a240060a-1294-4eed-a58a-0f7a67a7ee80}\MpKsl6425ccf1.sys [?]
R1 MpKsle3525020;MpKsle3525020;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9208d805-ada4-4047-bf47-3d1f9ead5702}\MpKsle3525020.sys [2011-1-21 28752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]

=============== Created Last 30 ================

2011-01-21 16:19:09 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{9208d805-ada4-4047-bf47-3d1f9ead5702}\MpKsle3525020.sys
2011-01-21 16:18:58 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{9208d805-ada4-4047-bf47-3d1f9ead5702}\mpengine.dll
2011-01-06 23:53:29 -------- d-----w- c:\docume~1\miller\applic~1\Malwarebytes
2011-01-06 23:53:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-06 23:53:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-06 23:53:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-06 23:53:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce(TM) IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A4AFAB8]
3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007b[0x8A512F18]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007a[0x8A4AF030]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
user != kernel MBR !!!

============= FINISH: 10:25:44.23 ===============

abcdmm, Jan 21, 2011

#5
abcdmm Newcomer, in training

DDS "Attach" Log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/9/2010 12:03:07 AM
System Uptime: 1/21/2011 9:22:55 AM (1 hours ago)

Motherboard: Quanta | | 30B7
Processor: AMD Turion(tm) 64 Mobile Technology MK-36 | Socket S1 | 2009/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 62 GiB total, 40.118 GiB free.
D: is FIXED (FAT32) - 12 GiB total, 1.224 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/9/2010 12:03:12 AM - System Checkpoint
RP2: 12/9/2010 12:07:39 AM - Installed Vongo
RP3: 12/8/2010 11:11:53 PM - Configured Customer Experience Enhancement
RP4: 12/8/2010 11:12:27 PM - Configured easy Internet sign-up
RP5: 12/8/2010 11:16:06 PM - Removed HP Help and Support
RP6: 12/8/2010 11:22:38 PM - Removed HP Help and Support
RP7: 12/8/2010 11:28:35 PM - Removed HP Quick Launch Buttons
RP8: 12/8/2010 11:29:33 PM - Removed HP User Guides 0031
RP9: 12/8/2010 11:33:11 PM - Removed Macromedia Flash Player 8
RP10: 12/8/2010 11:33:19 PM - Removed Macromedia Shockwave Player
RP11: 12/8/2010 11:34:26 PM - Removed Microsoft Office Standard Edition 2003
RP12: 12/8/2010 11:35:34 PM - Removed Microsoft Works
RP13: 12/8/2010 11:36:09 PM - Removed muvee autoProducer 5.0
RP14: 12/8/2010 11:41:36 PM - Removed Office 2003 Trial Assistant
RP15: 12/8/2010 11:41:57 PM - Removed Quicken 2006
RP16: 12/8/2010 11:42:20 PM - Removed TourSetup
RP17: 12/8/2010 11:42:29 PM - Removed Vongo
RP18: 12/8/2010 11:42:59 PM - Removed Wireless Home Network Setup
RP19: 12/8/2010 11:48:34 PM - Installed Windows XP KB914882.
RP20: 12/8/2010 11:52:27 PM - Removed HP Help and Support
RP21: 12/8/2010 11:53:02 PM - Removed HP User Guides 0031
RP22: 12/9/2010 6:22:52 PM - Software Distribution Service 3.0
RP23: 12/9/2010 6:49:48 PM - Software Distribution Service 3.0
RP24: 12/9/2010 7:01:55 PM - Software Distribution Service 3.0
RP25: 12/9/2010 8:00:06 PM - Software Distribution Service 3.0
RP26: 12/9/2010 11:38:42 PM - Software Distribution Service 3.0
RP27: 12/10/2010 6:24:37 AM - Software Distribution Service 3.0
RP28: 12/10/2010 9:18:51 PM - Software Distribution Service 3.0
RP29: 12/10/2010 9:34:46 PM - Software Distribution Service 3.0
RP30: 12/12/2010 2:01:39 AM - Software Distribution Service 3.0
RP31: 12/13/2010 4:27:47 PM - Software Distribution Service 3.0
RP32: 12/14/2010 11:42:14 PM - Software Distribution Service 3.0
RP33: 12/14/2010 11:59:57 PM - Installed DirectX
RP34: 12/15/2010 2:55:09 PM - Software Distribution Service 3.0
RP35: 12/16/2010 4:40:26 PM - Software Distribution Service 3.0
RP36: 12/19/2010 8:51:33 PM - Software Distribution Service 3.0
RP37: 12/21/2010 8:48:13 AM - System Checkpoint
RP38: 12/22/2010 9:27:59 PM - System Checkpoint
RP39: 12/24/2010 2:56:57 AM - System Checkpoint
RP40: 12/24/2010 5:55:50 AM - Software Distribution Service 3.0
RP41: 12/25/2010 5:55:43 AM - Software Distribution Service 3.0
RP42: 12/26/2010 2:04:50 AM - Software Distribution Service 3.0
RP43: 12/26/2010 5:55:42 AM - Software Distribution Service 3.0
RP44: 12/27/2010 5:55:34 AM - Software Distribution Service 3.0
RP45: 12/28/2010 5:55:43 AM - Software Distribution Service 3.0
RP46: 12/29/2010 5:55:28 AM - Software Distribution Service 3.0
RP47: 12/30/2010 8:00:24 AM - System Checkpoint
RP48: 12/30/2010 10:01:02 PM - Software Distribution Service 3.0
RP49: 1/1/2011 6:40:38 AM - System Checkpoint
RP50: 1/1/2011 10:00:52 PM - Software Distribution Service 3.0
RP51: 1/5/2011 3:46:37 AM - System Checkpoint
RP52: 1/6/2011 10:15:57 AM - Software Distribution Service 3.0
RP53: 1/6/2011 10:02:16 PM - Software Distribution Service 3.0
RP54: 1/8/2011 1:11:04 AM - System Checkpoint
RP55: 1/8/2011 3:12:54 PM - Software Distribution Service 3.0
RP56: 1/9/2011 1:30:44 AM - Software Distribution Service 3.0
RP57: 1/9/2011 3:13:01 PM - Software Distribution Service 3.0
RP58: 1/10/2011 5:35:30 PM - System Checkpoint
RP59: 1/10/2011 9:36:24 PM - Software Distribution Service 3.0
RP60: 1/11/2011 9:36:27 PM - Software Distribution Service 3.0
RP61: 1/12/2011 8:22:59 AM - Software Distribution Service 3.0
RP62: 1/13/2011 8:47:24 AM - Software Distribution Service 3.0
RP63: 1/14/2011 8:51:28 AM - Software Distribution Service 3.0
RP64: 1/15/2011 2:45:10 PM - System Checkpoint
RP65: 1/16/2011 2:21:07 AM - Software Distribution Service 3.0
RP66: 1/16/2011 8:47:10 AM - Software Distribution Service 3.0
RP67: 1/17/2011 8:47:15 AM - Software Distribution Service 3.0
RP68: 1/18/2011 8:47:49 AM - Software Distribution Service 3.0
RP69: 1/19/2011 8:47:36 AM - Software Distribution Service 3.0
RP70: 1/20/2011 10:03:47 AM - Software Distribution Service 3.0
RP71: 1/21/2011 8:48:43 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5
Conexant HD Audio
Google Chrome
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP QuickPlay 2.3
HP Update
HP Wireless Assistant 2.00 G2
HpSdpAppCoreApp
J2SE Runtime Environment 5.0 Update 6
LightScribe 1.4.97.1
Macromedia Flash Player 8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Security Essentials
NetWaiting
NVIDIA Drivers
Office 2003 Trial Assistant
Runes of Magic
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
Synaptics Pointing Device Driver
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Vongo
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB915381
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

1/21/2011 9:22:11 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
1/21/2011 9:04:19 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 9:04:19 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 9:04:19 AM, error: Service Control Manager [7034] - The dlbt_device service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 9:04:19 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
1/15/2011 8:46:38 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.3946.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==== End Of File ===========================

abcdmm, Jan 21, 2011

#6
abcdmm Newcomer, in training

Steps Complete

Ok that should be all of the logs. Just let me know where to go from here. Thanks!

abcdmm, Jan 21, 2011

#7
Bobbye Helper on the Fringe
Thank you. You did a nice job on the logs. There is no specific "Google Redirect virus"-many malware infections will cause a redirect and since most people use Google to search, it has been given this name;

It appears that you may have a rootkit on the MBR, so we'll check for that first:

Please download MBR Rootkit Detector and save it on your desktop.

Pause/Stop all antivirus/spyware active protection.

Then double click on mbr.exe to run it.

Select Run when you receive a Security Warning

The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.

A log file will the be created on your desktop where you ran mbr.exe

Copy and paste the contents of mbr.log on your next reply.

============================
Then Run Eset NOD32 Online AntiVirus scan HERE

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the Active X control to install

Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.

Click Start

Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked

Click Scan

Wait for the scan to finish

Re-enable your Antivirus software.

A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
Bobbye, Jan 23, 2011

#8
abcdmm Newcomer, in training

MBR log

No notepad doc appeared on the desktop but I found one in my downloads folder next to mbr.exe. Here are the contents:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!

abcdmm, Jan 24, 2011

#9
abcdmm Newcomer, in training

Eset log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=5d14a4050a45fc4fa8fdb332615cea07
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-24 09:33:04
# local_time=2011-01-24 03:33:04 (-0600, Central Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 100 100 0 25407130 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=49803
# found=0
# cleaned=0
# scan_time=1832

abcdmm, Jan 24, 2011

#10
Bobbye Helper on the Fringe
Are you still having the redirects and virus alert popups? The Eset scan is clean, but the MBR report is puzzling. Did you close all active program, windows and email before running the MBR scan. Lets' try the following:
Download bootkitremover.rar and save it to your desktop.

Extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip

Double-click on the remover.exe file to run the program.

Paste the output in your next reply.

then run the following:

Open Notepad

Copy and paste the text in the codebox into Notepad:

Code:

@ECHO OFF START remover.exe fix \\.\PhysicalDrive0 EXIT

Go File > Save As

Save as Type choose All Files

For File Name type fix.bat

Save In> choose Desktop

Save

Double click to Run fix.bat

(You may see a black box appear; this is normal.)

Run remover.exe again and post its output.

Do NOT reboot computer!
Bobbye, Jan 27, 2011

#11
abcdmm Newcomer, in training

Yes, still getting redirects and virus alerts. And I think the only application I had open was a notepad doc when I ran the MBR.

Here are the results from the 1st Bootkit removal log

.\debug.cpp(238) : Debug log started at 27.01.2011 - 18:10:42
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020d000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e4000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf7987000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf7897000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf7358000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xf7989000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xf7347000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf7487000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf7497000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xf74a7000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xf789b000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xf789f000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xf7a4f000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xf7707000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf798b000 0x00002000 "intelide.sys"
.\debug.cpp(256) : 0xf798d000 0x00002000 "viaide.sys"
.\debug.cpp(256) : 0xf798f000 0x00002000 "aliide.sys"
.\debug.cpp(256) : 0xf7329000 0x0001e000 "pcmcia.sys"
.\debug.cpp(256) : 0xf74b7000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf730a000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf7991000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xf72e4000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xf78a3000 0x00003000 "ACPIEC.sys"
.\debug.cpp(256) : 0xf7a50000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS"
.\debug.cpp(256) : 0xf770f000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf74c7000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xf72cc000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xf72b3000 0x00019000 "nvata.sys"
.\debug.cpp(256) : 0xf74d7000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf74e7000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf7293000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xf7281000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xf7717000 0x00005000 "PxHelp20.sys"
.\debug.cpp(256) : 0xf726a000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xf71dd000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xf71b0000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xf74f7000 0x00010000 "Serial.sys"
.\debug.cpp(256) : 0xf7196000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xf76a7000 0x0000e000 "\SystemRoot\system32\DRIVERS\AmdK8.sys"
.\debug.cpp(256) : 0xf7166000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xf7162000 0x00003000 "\SystemRoot\system32\DRIVERS\cpqbttn.sys"
.\debug.cpp(256) : 0xf76b7000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xf775f000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xf715e000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xf66d0000 0x00069000 "\SystemRoot\system32\DRIVERS\bcmwl5.sys"
.\debug.cpp(256) : 0xf634b000 0x00385000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xf6337000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xf7923000 0x00003000 "\SystemRoot\system32\DRIVERS\nvsmu.sys"
.\debug.cpp(256) : 0xf7767000 0x00005000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0xf6313000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xf776f000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xf76c7000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xf76d7000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xf76e7000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xf62f0000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xf62c8000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xf6dce000 0x00004000 "\SystemRoot\system32\DRIVERS\nvnetbus.sys"
.\debug.cpp(256) : 0xf627d000 0x0004b000 "\SystemRoot\system32\DRIVERS\NVNRM.SYS"
.\debug.cpp(256) : 0xf6246000 0x00037000 "\SystemRoot\system32\DRIVERS\NVSNPU.SYS"
.\debug.cpp(256) : 0xf76f7000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xf7777000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xf6216000 0x00030000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0xf79b5000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xf777f000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xf7a64000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xf7507000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xf6dca000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xf61ff000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xf7517000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xf7527000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xf7787000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xf61ee000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xf7537000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xf778f000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xf7797000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xf61be000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xf2815000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xf7997000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xf1496000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xf2042000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xf156a000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0xf2805000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xf27f5000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xf1fa3000 0x00009000 "\SystemRoot\system32\DRIVERS\NVENETFD.sys"
.\debug.cpp(256) : 0xef343000 0x00095000 "\SystemRoot\system32\drivers\CHDAud.sys"
.\debug.cpp(256) : 0xef31f000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xf1f73000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xef2ec000 0x00033000 "\SystemRoot\system32\DRIVERS\HSFHWAZL.sys"
.\debug.cpp(256) : 0xef1fa000 0x000f2000 "\SystemRoot\system32\DRIVERS\HSF_DPV.sys"
.\debug.cpp(256) : 0xef148000 0x000b2000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys"
.\debug.cpp(256) : 0xf2b4b000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xecc26000 0x00003000 "\SystemRoot\System32\Drivers\i2omgmt.SYS"
.\debug.cpp(256) : 0xeb4f4000 0x00023000 "\SystemRoot\system32\DRIVERS\MpFilter.sys"
.\debug.cpp(256) : 0xf7a11000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xf274e000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xf7a13000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xec579000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xf7a15000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xf7a17000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xec571000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xec569000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xec334000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xeb4c1000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xeb468000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xeb440000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xeb41e000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xf3294000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xeb3f3000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xeb383000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xf3284000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xeb35d000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xf3264000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xeb339000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"
.\debug.cpp(256) : 0xeb320000 0x00019000 "\SystemRoot\System32\Drivers\dump_nvata.sys"
.\debug.cpp(256) : 0xf7a2b000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xf1482000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xebc2e000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xf7b27000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x003ce000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xf203e000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xb9d4b000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xf67a9000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xec1f1000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xb9a20000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xb9877000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xb97f7000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xb972f000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0xb9718000 0x00017000 "\??\C:\WINDOWS\system32\drivers\mqac.sys"
.\debug.cpp(256) : 0xb96be000 0x00032000 "\??\C:\WINDOWS\system32\drivers\RMCast.sys"
.\debug.cpp(256) : 0xf1582000 0x00002000 "\SystemRoot\System32\Drivers\hiber_WMILIB.SYS"
.\debug.cpp(256) : 0xf2b23000 0x00006000 "\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99903649-48DE-432C-9A0E-CD0CE342D8DA}\MpKsleedd3bdd.sys"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature282D282DOffset7E00LengthF7EBB3800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1E997D76-6A47-4212-96C1-5B60A0175376}"
.\debug.cpp(400) : Destination "\Device\{1E997D76-6A47-4212-96C1-5B60A0175376}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000030"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E7CCFDEE-7C1D-4127-85D7-707186D43444}"
.\debug.cpp(400) : Destination "\Device\{E7CCFDEE-7C1D-4127-85D7-707186D43444}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000043"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L632D_______________HH15____#5&3738e2e0&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_026D&SUBSYS_30B7103C&REV_A3#3&13c0b0c5&0&58#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_026E&SUBSYS_30B7103C&REV_A3#3&13c0b0c5&0&59#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskFUJITSU_MHV2080BH_______________________892C____#574E333136543238364538442020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000078"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination "\Device\Winachsf0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CE8D9D70-5BE6-4465-9A14-0BD896FFF818}"
.\debug.cpp(400) : Destination "\Device\{CE8D9D70-5BE6-4465-9A14-0BD896FFF818}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpKsleedd3bdd"
.\debug.cpp(400) : Destination "\Device\MpKsleedd3bdd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I2OExec"
.\debug.cpp(400) : Destination "\Device\I2OExec"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E9A32F55-BD92-4468-90E2-75F72669ABB7}"
.\debug.cpp(400) : Destination "\Device\{E9A32F55-BD92-4468-90E2-75F72669ABB7}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature282D282DOffsetF7EBC3400Length2E2D3C800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1a3e09be-1e45-494b-9174-d7385b45bbf5}#NVNET_DEV0269#4&e5d621b&0&01#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000007d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000033"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"
.\debug.cpp(400) : Destination "\Device\ConexantDiagnosticsServer"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#3&13c0b0c5&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000051"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000032"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0269&SUBSYS_30B7103C&REV_A3#3&13c0b0c5&0&A0#{c4f6eed3-1c5e-4f43-a768-83ecba42fcc1}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5186B77C-A91D-45F2-95E9-FE9507A2DDEA}"
.\debug.cpp(400) : Destination "\Device\{5186B77C-A91D-45F2-95E9-FE9507A2DDEA}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#3&13c0b0c5&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000051"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{ca89b949-d7bf-48dd-bb06-f40ebc29c5f6}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0002#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\00000080"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#2&daba3ff&0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000048"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0"
.\debug.cpp(400) : Destination "\Device\HSF_MDMDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FA5D31C0-9D05-40FE-B222-71A8E2954759}"
.\debug.cpp(400) : Destination "\Device\{FA5D31C0-9D05-40FE-B222-71A8E2954759}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&563a312&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&3753860b&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7345B1BB-B8B9-45A3-BB13-788652C03E6D}"
.\debug.cpp(400) : Destination "\Device\{7345B1BB-B8B9-45A3-BB13-788652C03E6D}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_76#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5b184aeb-0359-11e0-9d49-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L632D_______________HH15____#5&3738e2e0&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_4311&SUBSYS_1363103C&REV_01#4&14c5f9b7&0&0018#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0026"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO Soft Data Fax Modem with SmartCP"
.\debug.cpp(400) : Destination "\Device\00000080"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L632D_______________HH15____#5&3738e2e0&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000040"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0244&SUBSYS_30B7103C&REV_A2#3&13c0b0c5&0&28#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{54c9343c-2a17-42e8-b4fd-9f9da27b94d6}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&6cd36d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5b184aea-0359-11e0-9d49-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0"
.\debug.cpp(400) : Destination "\Device\MICH_AZ0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FBDEFAD9-738F-42B6-AF65-8FAF2A96B577}"
.\debug.cpp(400) : Destination "\Device\{FBDEFAD9-738F-42B6-AF65-8FAF2A96B577}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) : Destination "\Device\DmLoader"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MQAC"
.\debug.cpp(400) : Destination "\Device\MQAC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0271&SUBSYS_30B7103C&REV_A3#3&13c0b0c5&0&53#{8ad261ed-6aec-4b95-b844-552766d76ef9}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{977C4A7D-BF88-42C2-BA9E-F17772E518E1}"
.\debug.cpp(400) : Destination "\Device\{977C4A7D-BF88-42C2-BA9E-F17772E518E1}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0002#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) : Destination "\Device\00000080"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col01#3&563a312&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\NvAta0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination "\Device\SynTP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&563a312&0&0001#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5b184aec-0359-11e0-9d49-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN0129#3&13c0b0c5&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 1
.\boot_cleaner.cpp(276) : Boot sector MD5 is: b5ea3a26c2ce29f225a541a7d699387b
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 74 GB \\.\PhysicalDrive0 Unknown boot code
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1129) :
.\boot_cleaner.cpp(1151) : Done;

abcdmm, Jan 27, 2011

#12
abcdmm Newcomer, in training

After running fix.bat, here is the second bootkit removal log:

.\debug.cpp(238) : Debug log started at 27.01.2011 - 18:23:38
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020d000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e4000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf7987000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf7897000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf7358000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xf7989000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xf7347000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf7487000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf7497000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xf74a7000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xf789b000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xf789f000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xf7a4f000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xf7707000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf798b000 0x00002000 "intelide.sys"
.\debug.cpp(256) : 0xf798d000 0x00002000 "viaide.sys"
.\debug.cpp(256) : 0xf798f000 0x00002000 "aliide.sys"
.\debug.cpp(256) : 0xf7329000 0x0001e000 "pcmcia.sys"
.\debug.cpp(256) : 0xf74b7000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf730a000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf7991000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xf72e4000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xf78a3000 0x00003000 "ACPIEC.sys"
.\debug.cpp(256) : 0xf7a50000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS"
.\debug.cpp(256) : 0xf770f000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf74c7000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xf72cc000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xf72b3000 0x00019000 "nvata.sys"
.\debug.cpp(256) : 0xf74d7000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf74e7000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf7293000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xf7281000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xf7717000 0x00005000 "PxHelp20.sys"
.\debug.cpp(256) : 0xf726a000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xf71dd000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xf71b0000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xf74f7000 0x00010000 "Serial.sys"
.\debug.cpp(256) : 0xf7196000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xf76a7000 0x0000e000 "\SystemRoot\system32\DRIVERS\AmdK8.sys"
.\debug.cpp(256) : 0xf7166000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xf7162000 0x00003000 "\SystemRoot\system32\DRIVERS\cpqbttn.sys"
.\debug.cpp(256) : 0xf76b7000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xf775f000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xf715e000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xf66d0000 0x00069000 "\SystemRoot\system32\DRIVERS\bcmwl5.sys"
.\debug.cpp(256) : 0xf634b000 0x00385000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xf6337000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xf7923000 0x00003000 "\SystemRoot\system32\DRIVERS\nvsmu.sys"
.\debug.cpp(256) : 0xf7767000 0x00005000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0xf6313000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xf776f000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xf76c7000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xf76d7000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xf76e7000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xf62f0000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xf62c8000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xf6dce000 0x00004000 "\SystemRoot\system32\DRIVERS\nvnetbus.sys"
.\debug.cpp(256) : 0xf627d000 0x0004b000 "\SystemRoot\system32\DRIVERS\NVNRM.SYS"
.\debug.cpp(256) : 0xf6246000 0x00037000 "\SystemRoot\system32\DRIVERS\NVSNPU.SYS"
.\debug.cpp(256) : 0xf76f7000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xf7777000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xf6216000 0x00030000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0xf79b5000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xf777f000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xf7a64000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xf7507000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xf6dca000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xf61ff000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xf7517000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xf7527000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xf7787000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xf61ee000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xf7537000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xf778f000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xf7797000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xf61be000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xf2815000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xf7997000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xf1496000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xf2042000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xf156a000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0xf2805000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xf27f5000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xf1fa3000 0x00009000 "\SystemRoot\system32\DRIVERS\NVENETFD.sys"
.\debug.cpp(256) : 0xef343000 0x00095000 "\SystemRoot\system32\drivers\CHDAud.sys"
.\debug.cpp(256) : 0xef31f000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xf1f73000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xef2ec000 0x00033000 "\SystemRoot\system32\DRIVERS\HSFHWAZL.sys"
.\debug.cpp(256) : 0xef1fa000 0x000f2000 "\SystemRoot\system32\DRIVERS\HSF_DPV.sys"
.\debug.cpp(256) : 0xef148000 0x000b2000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys"
.\debug.cpp(256) : 0xf2b4b000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xecc26000 0x00003000 "\SystemRoot\System32\Drivers\i2omgmt.SYS"
.\debug.cpp(256) : 0xeb4f4000 0x00023000 "\SystemRoot\system32\DRIVERS\MpFilter.sys"
.\debug.cpp(256) : 0xf7a11000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xf274e000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xf7a13000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xec579000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xf7a15000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xf7a17000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xec571000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xec569000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xec334000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xeb4c1000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xeb468000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xeb440000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xeb41e000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xf3294000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xeb3f3000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xeb383000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xf3284000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xeb35d000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xf3264000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xeb339000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"
.\debug.cpp(256) : 0xeb320000 0x00019000 "\SystemRoot\System32\Drivers\dump_nvata.sys"
.\debug.cpp(256) : 0xf7a2b000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xf1482000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xebc2e000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xf7b27000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x003ce000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xf203e000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xb9d4b000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xf67a9000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xec1f1000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xb9a20000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xb9877000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xb97f7000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xb972f000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0xb9718000 0x00017000 "\??\C:\WINDOWS\system32\drivers\mqac.sys"
.\debug.cpp(256) : 0xb96be000 0x00032000 "\??\C:\WINDOWS\system32\drivers\RMCast.sys"
.\debug.cpp(256) : 0xf1582000 0x00002000 "\SystemRoot\System32\Drivers\hiber_WMILIB.SYS"
.\debug.cpp(256) : 0xf2b23000 0x00006000 "\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99903649-48DE-432C-9A0E-CD0CE342D8DA}\MpKsleedd3bdd.sys"
.\debug.cpp(256) : 0xb68a8000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1E997D76-6A47-4212-96C1-5B60A0175376}"
.\debug.cpp(400) : Destination "\Device\{1E997D76-6A47-4212-96C1-5B60A0175376}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature282D282DOffset7E00LengthF7EBB3800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000030"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E7CCFDEE-7C1D-4127-85D7-707186D43444}"
.\debug.cpp(400) : Destination "\Device\{E7CCFDEE-7C1D-4127-85D7-707186D43444}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000043"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L632D_______________HH15____#5&3738e2e0&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_026D&SUBSYS_30B7103C&REV_A3#3&13c0b0c5&0&58#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_026E&SUBSYS_30B7103C&REV_A3#3&13c0b0c5&0&59#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskFUJITSU_MHV2080BH_______________________892C____#574E333136543238364538442020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000078"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination "\Device\Winachsf0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CE8D9D70-5BE6-4465-9A14-0BD896FFF818}"
.\debug.cpp(400) : Destination "\Device\{CE8D9D70-5BE6-4465-9A14-0BD896FFF818}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpKsleedd3bdd"
.\debug.cpp(400) : Destination "\Device\MpKsleedd3bdd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I2OExec"
.\debug.cpp(400) : Destination "\Device\I2OExec"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E9A32F55-BD92-4468-90E2-75F72669ABB7}"
.\debug.cpp(400) : Destination "\Device\{E9A32F55-BD92-4468-90E2-75F72669ABB7}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1a3e09be-1e45-494b-9174-d7385b45bbf5}#NVNET_DEV0269#4&e5d621b&0&01#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000007d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature282D282DOffsetF7EBC3400Length2E2D3C800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000033"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"
.\debug.cpp(400) : Destination "\Device\ConexantDiagnosticsServer"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#3&13c0b0c5&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000051"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000032"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0269&SUBSYS_30B7103C&REV_A3#3&13c0b0c5&0&A0#{c4f6eed3-1c5e-4f43-a768-83ecba42fcc1}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5186B77C-A91D-45F2-95E9-FE9507A2DDEA}"
.\debug.cpp(400) : Destination "\Device\{5186B77C-A91D-45F2-95E9-FE9507A2DDEA}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#3&13c0b0c5&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000051"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{ca89b949-d7bf-48dd-bb06-f40ebc29c5f6}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0002#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\00000080"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#2&daba3ff&0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000048"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0"
.\debug.cpp(400) : Destination "\Device\HSF_MDMDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FA5D31C0-9D05-40FE-B222-71A8E2954759}"
.\debug.cpp(400) : Destination "\Device\{FA5D31C0-9D05-40FE-B222-71A8E2954759}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&563a312&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&3753860b&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7345B1BB-B8B9-45A3-BB13-788652C03E6D}"
.\debug.cpp(400) : Destination "\Device\{7345B1BB-B8B9-45A3-BB13-788652C03E6D}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_76#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_4311&SUBSYS_1363103C&REV_01#4&14c5f9b7&0&0018#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0026"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO Soft Data Fax Modem with SmartCP"
.\debug.cpp(400) : Destination "\Device\00000080"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L632D_______________HH15____#5&3738e2e0&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000040"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L632D_______________HH15____#5&3738e2e0&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5b184aeb-0359-11e0-9d49-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0244&SUBSYS_30B7103C&REV_A2#3&13c0b0c5&0&28#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{54c9343c-2a17-42e8-b4fd-9f9da27b94d6}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&6cd36d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\0000007f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5b184aea-0359-11e0-9d49-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0"
.\debug.cpp(400) : Destination "\Device\MICH_AZ0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FBDEFAD9-738F-42B6-AF65-8FAF2A96B577}"
.\debug.cpp(400) : Destination "\Device\{FBDEFAD9-738F-42B6-AF65-8FAF2A96B577}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) : Destination "\Device\DmLoader"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MQAC"
.\debug.cpp(400) : Destination "\Device\MQAC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0271&SUBSYS_30B7103C&REV_A3#3&13c0b0c5&0&53#{8ad261ed-6aec-4b95-b844-552766d76ef9}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{977C4A7D-BF88-42C2-BA9E-F17772E518E1}"
.\debug.cpp(400) : Destination "\Device\{977C4A7D-BF88-42C2-BA9E-F17772E518E1}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0002#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) : Destination "\Device\00000080"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col01#3&563a312&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\NvAta0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination "\Device\SynTP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&563a312&0&0001#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN0129#3&13c0b0c5&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5b184aec-0359-11e0-9d49-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 1
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1151) : Done;

abcdmm, Jan 27, 2011

#13
Bobbye Helper on the Fringe
Yes, still getting redirects and virus alerts

Please update and run Malwarebytes again.

Also run the following:

SuperAntiSpyware Home Edition Free Version

Please download SuperAntiSpyware from HERE

Launch SuperAntiSpyware and click on 'Check for updates'.

Wait for the updates to be installed

On the main screen click on 'Scan your computer'.

Check: 'Perform Complete Scan then Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.

Make sure everything found has a checkmark next to it,then press 'Next'.

Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Paste the notepad file here on your reply- be sure you check on Format> Uncheck 'Word Wrap' in Notepad.
====================
Bobbye, Jan 27, 2011

#14
abcdmm Newcomer, in training

2nd Malwarebytes Log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5630

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/28/2011 10:35:51 AM
mbam-log-2011-01-28 (10-35-41).txt

Scan type: Quick scan
Objects scanned: 142903
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

abcdmm, Jan 28, 2011

#15
abcdmm Newcomer, in training

SuperAntiSpyware Log Pt. 1

There is too much text for one post so I will divide the log into two parts.

PART ONE

Generated 01/28/2011 at 11:22 AM

Application Version : 4.47.1000
Core Rules Database Version : 6296
Trace Rules Database Version: 4108

Scan type : Complete Scan
Total Scan Time : 00:41:41

Memory items scanned : 451
Memory threats detected : 0

Registry items scanned : 6334
Registry threats detected : 0

File items scanned : 22547
File threats detected : 428

Adware.Tracking Cookie
C:\Documents and Settings\Miller\Cookies\miller@bridge2.admarketplace[1].txt
C:\Documents and Settings\Miller\Cookies\miller@rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\Miller\Cookies\miller@chitika[2].txt
C:\Documents and Settings\Miller\Cookies\miller@tacoda.at.atwola[2].txt
C:\Documents and Settings\Miller\Cookies\miller@fastclick[2].txt
C:\Documents and Settings\Miller\Cookies\miller@adserver.adtechus[2].txt
C:\Documents and Settings\Miller\Cookies\miller@admarketplace[1].txt
C:\Documents and Settings\Miller\Cookies\miller@yieldmanager[1].txt
C:\Documents and Settings\Miller\Cookies\miller@invitemedia[2].txt
C:\Documents and Settings\Miller\Cookies\miller@bs.serving-sys[1].txt
C:\Documents and Settings\Miller\Cookies\miller@user.lucidmedia[1].txt
C:\Documents and Settings\Miller\Cookies\miller@sales.liveperson[1].txt
C:\Documents and Settings\Miller\Cookies\miller@enhance[2].txt
C:\Documents and Settings\Miller\Cookies\miller@ad.yieldmanager[2].txt
C:\Documents and Settings\Miller\Cookies\miller@advertise[2].txt
C:\Documents and Settings\Miller\Cookies\miller@tribalfusion[2].txt
C:\Documents and Settings\Miller\Cookies\miller@f2network.112.2o7[1].txt
C:\Documents and Settings\Miller\Cookies\miller@serving-sys[1].txt
C:\Documents and Settings\Miller\Cookies\miller@statcounter[1].txt
C:\Documents and Settings\Miller\Cookies\miller@at.atwola[1].txt
C:\Documents and Settings\Miller\Cookies\miller@apmebf[1].txt
C:\Documents and Settings\Miller\Cookies\miller@bizrate[1].txt
C:\Documents and Settings\Miller\Cookies\miller@atdmt[1].txt
C:\Documents and Settings\Miller\Cookies\miller@adecn[1].txt
C:\Documents and Settings\Miller\Cookies\miller@insightexpressai[2].txt
C:\Documents and Settings\Miller\Cookies\miller@doubleclick[2].txt
C:\Documents and Settings\Miller\Cookies\miller@liveperson[2].txt
C:\Documents and Settings\Miller\Cookies\miller@mediabrandsww[1].txt
C:\Documents and Settings\Miller\Cookies\miller@r1-ads.ace.advertising[2].txt
C:\Documents and Settings\Miller\Cookies\miller@a1.interclick[1].txt
C:\Documents and Settings\Miller\Cookies\miller@questionmarket[1].txt
C:\Documents and Settings\Miller\Cookies\miller@interclick[2].txt
C:\Documents and Settings\Miller\Cookies\miller@internettrafficbuilder[1].txt
C:\Documents and Settings\Miller\Cookies\miller@zedo[1].txt
C:\Documents and Settings\Miller\Cookies\miller@liveperson[4].txt
C:\Documents and Settings\Miller\Cookies\miller@network.realmedia[1].txt
C:\Documents and Settings\Miller\Cookies\miller@pro-market[1].txt
C:\Documents and Settings\Miller\Cookies\miller@collective-media[1].txt
C:\Documents and Settings\Miller\Cookies\miller@atwola[2].txt
C:\Documents and Settings\Miller\Cookies\miller@2o7[2].txt
C:\Documents and Settings\Miller\Cookies\miller@realmedia[2].txt
C:\Documents and Settings\Miller\Cookies\miller@server.cpmstar[2].txt
C:\Documents and Settings\Miller\Cookies\miller@www.adserverplatform[1].txt
C:\Documents and Settings\Miller\Cookies\miller@ad.leadbolt[1].txt
C:\Documents and Settings\Miller\Cookies\miller@advertising[2].txt
C:\Documents and Settings\Miller\Cookies\miller@specificclick[2].txt
C:\Documents and Settings\Miller\Cookies\miller@clicksor[1].txt
C:\Documents and Settings\Miller\Cookies\miller@www.qsstats[1].txt
C:\Documents and Settings\Miller\Cookies\miller@ru4[2].txt
C:\Documents and Settings\Miller\Cookies\miller@cj[2].txt
C:\Documents and Settings\Miller\Cookies\miller@www.qsstats[2].txt
C:\Documents and Settings\Miller\Cookies\miller@banners.protoolreviews[2].txt
C:\Documents and Settings\Miller\Cookies\miller@adbrite[2].txt
C:\Documents and Settings\Miller\Cookies\miller@ads.cnn[1].txt
C:\Documents and Settings\Miller\Cookies\miller@evite.112.2o7[1].txt
C:\Documents and

abcdmm, Jan 28, 2011

#16
abcdmm Newcomer, in training

SuperAntiSpyware Log Pt. 2

Settings\Miller\Cookies\miller@hpi.rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\Miller\Cookies\miller@content.yieldmanager[1].txt
C:\Documents and Settings\Miller\Cookies\miller@casalemedia[2].txt
C:\Documents and Settings\Miller\Cookies\miller@myroitracking[2].txt
C:\Documents and Settings\Miller\Cookies\miller@media6degrees[2].txt
C:\Documents and Settings\Miller\Cookies\miller@liveperson[1].txt
C:\Documents and Settings\Miller\Cookies\miller@statse.webtrendslive[2].txt
C:\Documents and Settings\Miller\Cookies\miller@www.epoclick[1].txt
C:\Documents and Settings\Miller\Cookies\miller@imrworldwide[2].txt
C:\Documents and Settings\Miller\Cookies\miller@content.yieldmanager[3].txt
C:\Documents and Settings\Miller\Cookies\miller@xml.trafficengine[1].txt
C:\Documents and Settings\Miller\Cookies\miller@rotator.adjuggler[1].txt
C:\Documents and Settings\Miller\Cookies\miller@mediaplex[2].txt
ads2.msads.net [ C:\Documents and Settings\Miller\Application Data\Macromedia\Flash Player\#SharedObjects\P48WLD3L ]
www.adserverplatform.com [ C:\Documents and Settings\Miller\Application Data\Macromedia\Flash Player\#SharedObjects\P48WLD3L ]
.microsoftsto.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
adserving.autotrader.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.247realmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.dmtracker.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
rotator.adjuggler.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adxpose.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.healthgrades.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.microsoftgamestudio.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.microsoftxbox.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
bridge1.admarketplace.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.admarketplace.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
counter.hitslink.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.hrsaccount.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.hrsaccount.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ge.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.accountonline.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.accountonline.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tracking.realtor.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.homestore.122.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
yellowfishadvertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.walmart.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.aboutcom.122.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.paypal.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.perf.overture.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ehg-worldvision.hitbox.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ehg-worldvision.hitbox.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ehg-worldvision.hitbox.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.e-2dj6wjk4shcpelp.stats.esomniture.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.bonniercorp.122.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.e-2dj6wfkikgd5eao.stats.esomniture.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.w3counter.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.eyewonder.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.qnsr.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.qnsr.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.qnsr.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
clicks.fastlookupdirectory.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
user.lucidmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.automobileclubofsoutherncalifornia.122.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ehg-aaa.hitbox.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.hitbox.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.hitbox.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.evite.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.gocitymedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.internettrafficbuilder.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cbsdigitalmedia.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.usatoday1.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.allbritton.122.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.overture.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.eyewonder.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.chitika.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
hpi.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.kantarmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.kantarmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.dispatch.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.game-advertising-online.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.redorbit.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.associatedcontent.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.www.burstnet.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.homedepot.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.enhance.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.enhance.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cn.clickable.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media.community.thenest.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.nextag.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.nextag.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
top5countdown.mevio.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
leads.specificmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
in.getclicky.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn.jemamedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn.jemamedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn.jemamedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
clixrevenue.camaweb_cama.information-seeking.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.r1-ads.ace.advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
hpi.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adviva.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.marriottinternational.122.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ihg.db.advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adviva.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
data.coremetrics.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.theclickcheck.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.theclickcheck.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.theclickcheck.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads.neudesicmediagroup.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads.neudesicmediagroup.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads.neudesicmediagroup.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.online-media-stats.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
optimize.indieclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ces.rotator.hadj1.adjuggler.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adtech.de [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.timeinc.122.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clickbank.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.madethecut.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.statcounter.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.boostmobile.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
sales.liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
clicks.gotitsearch.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ces.rotator.hadj1.adjuggler.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
adservices.google.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.traveladvertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.traveladvertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
a.intentmedia.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.hotels.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
statse.webtrendslive.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
sales.liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.goodpersonnecounter.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.goodpersonnecounter.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.msnbc.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.track.parse.ly [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.kiplinger.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.cpcadnet.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.cpcadnet.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.cpcadnet.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.cpcadnet.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.lfstmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.target.db.advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.msnportal.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.statcounter.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.stats.paypal.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.winzip.122.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.icityfind.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertise.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.plomedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.findstuff.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.shopica.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adecn.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediabrandsww.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.overture.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tracking.foxnews.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tracking.foxnews.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tracking.foxnews.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
stat.onestat.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
stat.onestat.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.andomedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atwola.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.bs.serving-sys.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.lucidmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.lucidmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.lucidmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.lucidmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn1.trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn1.trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.googleads.g.doubleclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.pro-market.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mypersonnecounter.in [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mypersonnecounter.in [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mypersonnecounter.in [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mypersonnecounter.in [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.burstbeacon.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.burstbeacon.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
rotator.adjuggler.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
clickthrough.kanoodle.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.myroitracking.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

abcdmm, Jan 28, 2011

#17
Bobbye Helper on the Fringe
From Mbam: Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.

Mbam shows No action Taken which means you did not check the line for removal. Please run Mbam again and check Be sure that everything is checked, and click Remove Selected.
Did you change some setting for the proxy or server? This is what I see in DDS:
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
Does your ISP require Port 8074?
This port is used by Gadu-Gadu: An Polish instant messaging client using a proprietary protocol. As with ICQ, users are identified by unique serial numbers. Protocol's features include status messages, file sharing, and VoIP. Users may format and embed images in messages.
===============================
SAS has a similar line. IF you did not check it to remove all those tracking Cookies, run it again, check for removal, then do the following:
Reset Cookies
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
===========================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2

Double click combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Query- Recovery Console image

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

.Click on Yes, to continue scanning for malware

.If Combofix asks you to update the program, allow

.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

.Close any open browsers.

.Double click combofix.exe & follow the prompts to run.

When the scan completes it will open a text window. Please paste that log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Bobbye, Jan 28, 2011

#18
abcdmm Newcomer, in training

Combofix Log

I removed the items from mbam and here are the results of the combofix log. I'm still being redirected while I am posting this.

ComboFix 11-01-29.02 - Miller 01/29/2011 23:41:28.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1560 [GMT -6:00]
Running from: c:\documents and settings\Miller\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
.

2011-01-30 05:33 . 2011-01-30 05:33 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79DBEA37-A0E6-453D-A232-54FD51A84587}\MpKsl1b4adc47.sys
2011-01-29 14:29 . 2011-01-29 14:29 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79DBEA37-A0E6-453D-A232-54FD51A84587}\MpKsl21508f80.sys
2011-01-29 14:28 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79DBEA37-A0E6-453D-A232-54FD51A84587}\mpengine.dll
2011-01-28 20:56 . 2011-01-30 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2011-01-28 20:56 . 2011-01-28 20:56 -------- d-----w- c:\program files\Neoteris
2011-01-28 20:55 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-01-28 20:55 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-01-28 20:55 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-28 20:55 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-01-28 20:54 . 2011-01-28 20:56 -------- d-----w- c:\documents and settings\Miller\Application Data\Juniper Networks
2011-01-28 16:38 . 2011-01-28 16:38 -------- d-----w- c:\documents and settings\Miller\Application Data\SUPERAntiSpyware.com
2011-01-28 16:38 . 2011-01-28 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-28 16:38 . 2011-01-28 16:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-28 04:33 . 2011-01-28 04:33 -------- d-----w- c:\program files\Microsoft Silverlight
2011-01-27 18:06 . 2011-01-27 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-01-23 23:54 . 2011-01-24 00:05 -------- d-----w- c:\windows\.jagex_cache_32
2011-01-23 23:53 . 2011-01-23 23:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-23 23:53 . 2011-01-23 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-06 23:53 . 2011-01-06 23:53 -------- d-----w- c:\documents and settings\Miller\Application Data\Malwarebytes
2011-01-06 23:53 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-06 23:53 . 2011-01-06 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-06 23:53 . 2011-01-06 23:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-06 23:53 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 09:41 . 2010-12-11 03:19 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-18 18:12 . 2006-03-16 04:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-03-16 04:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2006-03-16 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2006-03-16 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2006-03-16 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2006-03-16 04:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-03-16 04:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-09 136176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"nwiz"="nwiz.exe" [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Runes of Magic\\Client.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=
"c:\\Documents and Settings\\Miller\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

R1 MpKsl1b4adc47;MpKsl1b4adc47;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79DBEA37-A0E6-453D-A232-54FD51A84587}\MpKsl1b4adc47.sys [1/29/2011 11:33 PM 28752]
R1 MpKsl21508f80;MpKsl21508f80;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79DBEA37-A0E6-453D-A232-54FD51A84587}\MpKsl21508f80.sys [1/29/2011 8:29 AM 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 2:39 PM 61952]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSL1B4ADC47
.
Contents of the 'Scheduled Tasks' folder

2011-01-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 03:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-29 23:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????[??????Y?@?????<?@
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-01-29 23:46:40
ComboFix-quarantined-files.txt 2011-01-30 05:46

Pre-Run: 41,663,795,200 bytes free
Post-Run: 41,659,813,888 bytes free

- - End Of File - - 3B0D23D62EB384B8652610492EF6EFD8

abcdmm, Jan 30, 2011

#19
Bobbye Helper on the Fringe
I'm still being redirected while I am posting this.

Explain please. Redirects happen when you do a search and get redirected to a different site when you choose a URL
==========================================
The deletion of this D:\Autorun.inf in Combofix, suggest you had a possible FlashDrive infection:
Threat Removal Procedure:

[1]. Download Flash_Disinfector and save it to your Desktop.
[2]. After downloading, double-click on Flash_Disinfector to run it.
[3]. Just follow the prompts and continue until it begin scanning.

[4]. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
[5]. It will scan removable drives, wait for the scan to finish. Done.

What will Flash Disinfector Do
- Clean up junks created by flash malwares
- Deletes autorun.inf from every root folder
- Fix back damages done to your system
- Creates an autorun.inf folder in the root of your system drives

The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.
Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
===================================================
Bobbye, Jan 30, 2011

#20

(You must log in or sign up to reply here.)

Page 1 of 2

Thread Status:: Not open for further replies.

TechSpot | Technology News and Analysis
Copyright © 1998-2012, TechSpot, Inc.
Forum software by XenForo™
TechSpot is a registered trademark
All Rights Reserved