TechSpot

Can't get rid of Google redirect virus

By abcdmm
Jan 19, 2011
  1. I have had a Google redirect virus for a few months now. In addition, sometimes a virus prompt comes up saying I need to purchase some strange software.

    I've downloaded Malwarebytes and Microsoft Security and they don't catch anything.

    I'm not sure how to post a log like I see on some of these forums - I'm definitely a beginner!

    If anyone could help and start with the very basics that would help.

    Thanks!
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll be glad to help you, but I need to get some information first.

    We ask that the logs be pasted into your next reply. Instructions are with the programs. For logs that are copied, you will open Notepad > click on Format > uncheck Word Wrap > and copy the log to that. Then paste in your next reply; you can use more than one reply if needed, but keep everything in this thread.

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    Malwarebytes Log

    Here is the Malwarebytes log. Moving on to the next steps...


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5565

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/21/2011 9:31:05 AM
    mbam-log-2011-01-21 (09-31-05).txt

    Scan type: Quick scan
    Objects scanned: 141535
    Time elapsed: 4 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  4. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    gmer log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-21 10:18:13
    Windows 5.1.2600 Service Pack 3
    Running: b9gzczfn.exe; Driver: C:\DOCUME~1\Miller\LOCALS~1\Temp\uxtdapow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF622A360, 0x225D9D, 0xE8000020]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
  5. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    DDS log

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Miller at 10:25:34.34 on Fri 01/21/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1493 [GMT -6:00]

    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    svchost.exe
    C:\WINDOWS\system32\dlbtcoms.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Miller\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    uInternet Settings,ProxyServer = http=127.0.0.1:8074
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [Google Update] "c:\documents and settings\miller\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [nwiz] nwiz.exe /installquiet /nodetect
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
    mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1291874137734
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
    R1 MpKsl2316c12e;MpKsl2316c12e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a240060a-1294-4eed-a58a-0f7a67a7ee80}\mpksl2316c12e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a240060a-1294-4eed-a58a-0f7a67a7ee80}\MpKsl2316c12e.sys [?]
    R1 MpKsl6425ccf1;MpKsl6425ccf1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a240060a-1294-4eed-a58a-0f7a67a7ee80}\mpksl6425ccf1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a240060a-1294-4eed-a58a-0f7a67a7ee80}\MpKsl6425ccf1.sys [?]
    R1 MpKsle3525020;MpKsle3525020;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9208d805-ada4-4047-bf47-3d1f9ead5702}\MpKsle3525020.sys [2011-1-21 28752]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]

    =============== Created Last 30 ================

    2011-01-21 16:19:09 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{9208d805-ada4-4047-bf47-3d1f9ead5702}\MpKsle3525020.sys
    2011-01-21 16:18:58 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{9208d805-ada4-4047-bf47-3d1f9ead5702}\mpengine.dll
    2011-01-06 23:53:29 -------- d-----w- c:\docume~1\miller\applic~1\Malwarebytes
    2011-01-06 23:53:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-06 23:53:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-01-06 23:53:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-06 23:53:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    ==================== Find3M ====================

    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600

    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
    c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce(TM) IDE Driver
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A4AFAB8]
    3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007b[0x8A512F18]
    5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007a[0x8A4AF030]
    kernel: MBR read successfully
    _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
    user != kernel MBR !!!

    ============= FINISH: 10:25:44.23 ===============
  6. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    DDS "Attach" Log

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/9/2010 12:03:07 AM
    System Uptime: 1/21/2011 9:22:55 AM (1 hours ago)

    Motherboard: Quanta | | 30B7
    Processor: AMD Turion(tm) 64 Mobile Technology MK-36 | Socket S1 | 2009/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 62 GiB total, 40.118 GiB free.
    D: is FIXED (FAT32) - 12 GiB total, 1.224 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 12/9/2010 12:03:12 AM - System Checkpoint
    RP2: 12/9/2010 12:07:39 AM - Installed Vongo
    RP3: 12/8/2010 11:11:53 PM - Configured Customer Experience Enhancement
    RP4: 12/8/2010 11:12:27 PM - Configured easy Internet sign-up
    RP5: 12/8/2010 11:16:06 PM - Removed HP Help and Support
    RP6: 12/8/2010 11:22:38 PM - Removed HP Help and Support
    RP7: 12/8/2010 11:28:35 PM - Removed HP Quick Launch Buttons
    RP8: 12/8/2010 11:29:33 PM - Removed HP User Guides 0031
    RP9: 12/8/2010 11:33:11 PM - Removed Macromedia Flash Player 8
    RP10: 12/8/2010 11:33:19 PM - Removed Macromedia Shockwave Player
    RP11: 12/8/2010 11:34:26 PM - Removed Microsoft Office Standard Edition 2003
    RP12: 12/8/2010 11:35:34 PM - Removed Microsoft Works
    RP13: 12/8/2010 11:36:09 PM - Removed muvee autoProducer 5.0
    RP14: 12/8/2010 11:41:36 PM - Removed Office 2003 Trial Assistant
    RP15: 12/8/2010 11:41:57 PM - Removed Quicken 2006
    RP16: 12/8/2010 11:42:20 PM - Removed TourSetup
    RP17: 12/8/2010 11:42:29 PM - Removed Vongo
    RP18: 12/8/2010 11:42:59 PM - Removed Wireless Home Network Setup
    RP19: 12/8/2010 11:48:34 PM - Installed Windows XP KB914882.
    RP20: 12/8/2010 11:52:27 PM - Removed HP Help and Support
    RP21: 12/8/2010 11:53:02 PM - Removed HP User Guides 0031
    RP22: 12/9/2010 6:22:52 PM - Software Distribution Service 3.0
    RP23: 12/9/2010 6:49:48 PM - Software Distribution Service 3.0
    RP24: 12/9/2010 7:01:55 PM - Software Distribution Service 3.0
    RP25: 12/9/2010 8:00:06 PM - Software Distribution Service 3.0
    RP26: 12/9/2010 11:38:42 PM - Software Distribution Service 3.0
    RP27: 12/10/2010 6:24:37 AM - Software Distribution Service 3.0
    RP28: 12/10/2010 9:18:51 PM - Software Distribution Service 3.0
    RP29: 12/10/2010 9:34:46 PM - Software Distribution Service 3.0
    RP30: 12/12/2010 2:01:39 AM - Software Distribution Service 3.0
    RP31: 12/13/2010 4:27:47 PM - Software Distribution Service 3.0
    RP32: 12/14/2010 11:42:14 PM - Software Distribution Service 3.0
    RP33: 12/14/2010 11:59:57 PM - Installed DirectX
    RP34: 12/15/2010 2:55:09 PM - Software Distribution Service 3.0
    RP35: 12/16/2010 4:40:26 PM - Software Distribution Service 3.0
    RP36: 12/19/2010 8:51:33 PM - Software Distribution Service 3.0
    RP37: 12/21/2010 8:48:13 AM - System Checkpoint
    RP38: 12/22/2010 9:27:59 PM - System Checkpoint
    RP39: 12/24/2010 2:56:57 AM - System Checkpoint
    RP40: 12/24/2010 5:55:50 AM - Software Distribution Service 3.0
    RP41: 12/25/2010 5:55:43 AM - Software Distribution Service 3.0
    RP42: 12/26/2010 2:04:50 AM - Software Distribution Service 3.0
    RP43: 12/26/2010 5:55:42 AM - Software Distribution Service 3.0
    RP44: 12/27/2010 5:55:34 AM - Software Distribution Service 3.0
    RP45: 12/28/2010 5:55:43 AM - Software Distribution Service 3.0
    RP46: 12/29/2010 5:55:28 AM - Software Distribution Service 3.0
    RP47: 12/30/2010 8:00:24 AM - System Checkpoint
    RP48: 12/30/2010 10:01:02 PM - Software Distribution Service 3.0
    RP49: 1/1/2011 6:40:38 AM - System Checkpoint
    RP50: 1/1/2011 10:00:52 PM - Software Distribution Service 3.0
    RP51: 1/5/2011 3:46:37 AM - System Checkpoint
    RP52: 1/6/2011 10:15:57 AM - Software Distribution Service 3.0
    RP53: 1/6/2011 10:02:16 PM - Software Distribution Service 3.0
    RP54: 1/8/2011 1:11:04 AM - System Checkpoint
    RP55: 1/8/2011 3:12:54 PM - Software Distribution Service 3.0
    RP56: 1/9/2011 1:30:44 AM - Software Distribution Service 3.0
    RP57: 1/9/2011 3:13:01 PM - Software Distribution Service 3.0
    RP58: 1/10/2011 5:35:30 PM - System Checkpoint
    RP59: 1/10/2011 9:36:24 PM - Software Distribution Service 3.0
    RP60: 1/11/2011 9:36:27 PM - Software Distribution Service 3.0
    RP61: 1/12/2011 8:22:59 AM - Software Distribution Service 3.0
    RP62: 1/13/2011 8:47:24 AM - Software Distribution Service 3.0
    RP63: 1/14/2011 8:51:28 AM - Software Distribution Service 3.0
    RP64: 1/15/2011 2:45:10 PM - System Checkpoint
    RP65: 1/16/2011 2:21:07 AM - Software Distribution Service 3.0
    RP66: 1/16/2011 8:47:10 AM - Software Distribution Service 3.0
    RP67: 1/17/2011 8:47:15 AM - Software Distribution Service 3.0
    RP68: 1/18/2011 8:47:49 AM - Software Distribution Service 3.0
    RP69: 1/19/2011 8:47:36 AM - Software Distribution Service 3.0
    RP70: 1/20/2011 10:03:47 AM - Software Distribution Service 3.0
    RP71: 1/21/2011 8:48:43 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================


    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0.5
    Conexant HD Audio
    Google Chrome
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB981793)
    HP QuickPlay 2.3
    HP Update
    HP Wireless Assistant 2.00 G2
    HpSdpAppCoreApp
    J2SE Runtime Environment 5.0 Update 6
    LightScribe 1.4.97.1
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Security Essentials
    NetWaiting
    NVIDIA Drivers
    Office 2003 Trial Assistant
    Runes of Magic
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Soft Data Fax Modem with SmartCP
    Sonic Audio Module
    Sonic Copy Module
    Sonic Data Module
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic Update Manager
    SonicAC3Encoder
    SonicMPEGEncoder
    Synaptics Pointing Device Driver
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Vongo
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Connect
    Windows Media Format Runtime
    Windows XP Media Center Edition 2005 KB912067
    Windows XP Media Center Edition 2005 KB915381
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    1/21/2011 9:22:11 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    1/21/2011 9:04:19 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 9:04:19 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 9:04:19 AM, error: Service Control Manager [7034] - The dlbt_device service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 9:04:19 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    1/15/2011 8:46:38 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.3946.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    ==== End Of File ===========================
  7. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    Steps Complete

    Ok that should be all of the logs. Just let me know where to go from here. Thanks!
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thank you. You did a nice job on the logs. There is no specific "Google Redirect virus": many malware infections will cause a redirect, and since most people use Google to search, it has been given this name.

    It appears that you may have a rootkit on the MBR, so we'll check for that first:

    Please download MBR Rootkit Detector and save it on your desktop.
    • Pause/Stop all antivirus/spyware active protection.
    • Then double click on mbr.exe to run it.
    • Select Run when you receive a Security Warning
    • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
    • A log file will then be created on your desktop where you ran mbr.exe
    • Copy and paste the contents of mbr.log in your next reply.
    ============================
    Then Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
  9. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    MBR log

    No notepad doc appeared on the desktop but I found one in my downloads folder next to mbr.exe. Here are the contents:

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600

    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    kernel: MBR read successfully
    user != kernel MBR !!!
  10. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    Eset log

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=5d14a4050a45fc4fa8fdb332615cea07
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-01-24 09:33:04
    # local_time=2011-01-24 03:33:04 (-0600, Central Standard Time)
    # country="United States"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=5891 16776869 100 100 0 25407130 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=49803
    # found=0
    # cleaned=0
    # scan_time=1832
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Are you still having the redirects and virus alert popups? The Eset scan is clean, but the MBR report is puzzling. Did you close all active programs, windows and email before running the MBR scan? Let's try the following:
    Download bootkitremover.rar and save it to your desktop.
    • Extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip
    • Double-click on the remover.exe file to run the program.
    • Paste the output in your next reply.

    then run the following:
    • Open Notepad
    • Copy and paste the text in the codebox into Notepad:
      Code:
      
      @ECHO OFF
      START remover.exe fix \\.\PhysicalDrive0
      EXIT
      
    • Go File > Save As
    • Save as Type choose All Files
    • For File Name type fix.bat
    • Save In> choose Desktop
    • Save
    • Double click to Run fix.bat
    (You may see a black box appear; this is normal.)

    Run remover.exe again and post its output.

    Do NOT reboot computer!
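
In the mbr.log posted earlier in this thread, `user != kernel MBR !!!` follows `user: error reading MBR`, so the comparison was made against a read that failed. The following is an added example (not part of the original thread, and not code from GMER or the helper) that parses this log format and separates a mismatch where both reads succeeded from one where a read failed; the second sample log, the function names and the verdict labels are constructed for illustration.

```python
import re

# Sample 1: the mbr.log text as posted in this thread.
THREAD_LOG = r'''Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
'''

# Sample 2: CONSTRUCTED for contrast (not from the thread). Both reads
# succeed and the tool still reports a difference.
CONSTRUCTED_LOG = r'''Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
'''

# "user: ..." / "kernel: ..." status lines; the colon keeps this from
# matching the "user != kernel MBR" verdict line.
READ_LINE = re.compile(r'^(user|kernel):\s*(.*)$')
MISMATCH_LINE = re.compile(r'^user\s*!=\s*kernel\s+MBR')


def parse_mbr_log(text):
    """Extract read status for each side, the mismatch flag and open errors."""
    state = {"user_read_ok": None, "kernel_read_ok": None,
             "mismatch": False, "open_errors": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = READ_LINE.match(line)
        if m:
            side, status = m.group(1), m.group(2).lower()
            state[side + "_read_ok"] = ("read successfully" in status
                                        and "error" not in status)
        elif MISMATCH_LINE.match(line):
            state["mismatch"] = True
        elif line.startswith("CreateFile("):
            state["open_errors"].append(line)
    return state


def triage(text):
    """Return (verdict, reason). Verdict labels are this example's own."""
    s = parse_mbr_log(text)
    if not s["mismatch"]:
        return "no-mismatch", "log does not report a user/kernel difference"
    # A side counts as failed if its read errored or was never reported.
    failed = [side for side in ("user", "kernel")
              if s[side + "_read_ok"] is not True]
    if failed:
        reason = ("%s read did not succeed, so the comparison is not "
                  "evidence by itself" % " and ".join(failed))
        if s["open_errors"]:
            reason += "; CreateFile also reported an error opening the disk"
        return "inconclusive", reason
    return ("mismatch-confirmed",
            "both reads succeeded and differ; confirm with a second MBR tool")


if __name__ == "__main__":
    for name, log in (("thread", THREAD_LOG), ("constructed", CONSTRUCTED_LOG)):
        verdict, reason = triage(log)
        print("%-12s %-18s %s" % (name, verdict, reason))
```
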
     
  12. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    Yes, still getting redirects and virus alerts. And I think the only application I had open was a notepad doc when I ran the MBR.

    Here are the results from the 1st Bootkit removal log




    .\debug.cpp(238) : Debug log started at 27.01.2011 - 18:10:42
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.0
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MQAC"
    .\debug.cpp(400) : Destination "\Device\MQAC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
    .\debug.cpp(400) : Destination "\Device\ParTechInc2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0271&SUBSYS_30B7103C&REV_A3#3&13c0b0c5&0&53#{8ad261ed-6aec-4b95-b844-552766d76ef9}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{977C4A7D-BF88-42C2-BA9E-F17772E518E1}"
    .\debug.cpp(400) : Destination "\Device\{977C4A7D-BF88-42C2-BA9E-F17772E518E1}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
    .\debug.cpp(400) : Destination "\Device\FtControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
    .\debug.cpp(400) : Destination "\Device\MailSlot"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
    .\debug.cpp(400) : Destination "\DosDevices\COM1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0002#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
    .\debug.cpp(400) : Destination "\Device\00000080"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
    .\debug.cpp(400) : Destination "\Device\Ndisuio"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col01#3&563a312&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000007a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination ""
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000038"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
    .\debug.cpp(400) : Destination "\Device\NvAta0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
    .\debug.cpp(400) : Destination "\Device\Null"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
    .\debug.cpp(400) : Destination "\Device\SynTP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&563a312&0&0001#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000007b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000037"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5b184aec-0359-11e0-9d49-806d6172696f}"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN0129#3&13c0b0c5&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000052"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
    .\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    .\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 1
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: b5ea3a26c2ce29f225a541a7d699387b
    .\boot_cleaner.cpp(1060) :
    .\boot_cleaner.cpp(1061) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1062) : --------------------------------------------
    .\boot_cleaner.cpp(1106) : 74 GB \\.\PhysicalDrive0 Unknown boot code
    .\boot_cleaner.cpp(1112) :
    .\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
    .\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
    .\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
    .\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
    .\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
    .\boot_cleaner.cpp(1129) :
    .\boot_cleaner.cpp(1151) : Done;
  13. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    After running fix.bat, here is the second bootkit removal log:




    .\debug.cpp(238) : Debug log started at 27.01.2011 - 18:23:38
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.0
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    .\debug.cpp(400) : Destination "\Device\{7345B1BB-B8B9-45A3-BB13-788652C03E6D}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_76#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\0000003e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
    .\debug.cpp(400) : Destination "\Device\MountPointManager"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000002e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_4311&SUBSYS_1363103C&REV_01#4&14c5f9b7&0&0018#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0026"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO Soft Data Fax Modem with SmartCP"
    .\debug.cpp(400) : Destination "\Device\00000080"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000007f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L632D_______________HH15____#5&3738e2e0&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
    .\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000040"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L632D_______________HH15____#5&3738e2e0&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5b184aeb-0359-11e0-9d49-806d6172696f}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
    .\debug.cpp(400) : Destination "\Device\WANARP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0244&SUBSYS_30B7103C&REV_A2#3&13c0b0c5&0&28#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000004"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{54c9343c-2a17-42e8-b4fd-9f9da27b94d6}"
    .\debug.cpp(400) : Destination "\Device\0000007f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
    .\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000007f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&6cd36d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000039"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
    .\debug.cpp(400) : Destination "\Device\NdisWanIp"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
    .\debug.cpp(400) : Destination "\Device\0000007f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
    .\debug.cpp(400) : Destination "\Device\00000039"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5b184aea-0359-11e0-9d49-806d6172696f}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000039"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
    .\debug.cpp(400) : Destination "\Device\ParTechInc0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
    .\debug.cpp(400) : Destination "\Device\00000039"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
    .\debug.cpp(400) : Destination "\Device\NdisTapi"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
    .\debug.cpp(400) : Destination "\Device\NdisWan"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
    .\debug.cpp(400) : Destination "\Device\IPMULTICAST"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0"
    .\debug.cpp(400) : Destination "\Device\MICH_AZ0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FBDEFAD9-738F-42B6-AF65-8FAF2A96B577}"
    .\debug.cpp(400) : Destination "\Device\{FBDEFAD9-738F-42B6-AF65-8FAF2A96B577}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
    .\debug.cpp(400) : Destination "\Device\ParTechInc1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
    .\debug.cpp(400) : Destination "\Device\DmLoader"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
    .\debug.cpp(400) : Destination "\Device\LanmanRedirector"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MQAC"
    .\debug.cpp(400) : Destination "\Device\MQAC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
    .\debug.cpp(400) : Destination "\Device\ParTechInc2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0271&SUBSYS_30B7103C&REV_A3#3&13c0b0c5&0&53#{8ad261ed-6aec-4b95-b844-552766d76ef9}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{977C4A7D-BF88-42C2-BA9E-F17772E518E1}"
    .\debug.cpp(400) : Destination "\Device\{977C4A7D-BF88-42C2-BA9E-F17772E518E1}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
    .\debug.cpp(400) : Destination "\Device\FtControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
    .\debug.cpp(400) : Destination "\Device\MailSlot"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
    .\debug.cpp(400) : Destination "\DosDevices\COM1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5045&SUBSYS_103C30B7&REV_1001#4&1fc54547&0&0002#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
    .\debug.cpp(400) : Destination "\Device\00000080"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
    .\debug.cpp(400) : Destination "\Device\Ndisuio"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col01#3&563a312&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000007a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination ""
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000038"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
    .\debug.cpp(400) : Destination "\Device\NvAta0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
    .\debug.cpp(400) : Destination "\Device\Null"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
    .\debug.cpp(400) : Destination "\Device\SynTP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&563a312&0&0001#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000007b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000037"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN0129#3&13c0b0c5&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000052"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
    .\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5b184aec-0359-11e0-9d49-806d6172696f}"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    .\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 1
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
    .\boot_cleaner.cpp(1060) :
    .\boot_cleaner.cpp(1061) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1062) : --------------------------------------------
    .\boot_cleaner.cpp(1106) : 74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1112) :
    .\boot_cleaner.cpp(1151) : Done;
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please update and run Malwarebytes again.

    Also run the following:
    SuperAntiSpyware Home Edition Free Version
    • Please download SuperAntiSpyware from HERE
    • Launch SuperAntiSpyware and click on 'Check for updates'.
    • Wait for the updates to be installed
    • On the main screen click on 'Scan your computer'.
    • Check: 'Perform Complete Scan', then click 'Next' to start the scan.
    • SuperAntiSpyware will now scan your computer; when it's finished, it will list all/any infections found.
    • Make sure everything found has a checkmark next to it, then press 'Next'.
    • Click on 'Finish' when you're done.

    It's possible that the program will ask you to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    Click on 'Preferences'.
    Click on the 'Statistics/Logs' tab.
    Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
    It will then open in your default text editor, such as Notepad.
    Paste the Notepad file here in your reply - be sure you check on Format> Uncheck 'Word Wrap' in Notepad.
    ====================
  15. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    2nd Malwarebytes Log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5630

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/28/2011 10:35:51 AM
    mbam-log-2011-01-28 (10-35-41).txt

    Scan type: Quick scan
    Objects scanned: 142903
    Time elapsed: 4 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  16. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    SuperAntiSpyware Log Pt. 1

    There is too much text for one post so I will divide the log into two parts.

    PART ONE

    Generated 01/28/2011 at 11:22 AM

    Application Version : 4.47.1000
    Core Rules Database Version : 6296
    Trace Rules Database Version: 4108

    Scan type : Complete Scan
    Total Scan Time : 00:41:41

    Memory items scanned : 451
    Memory threats detected : 0

    Registry items scanned : 6334
    Registry threats detected : 0

    File items scanned : 22547
    File threats detected : 428

    Adware.Tracking Cookie
  17. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    SuperAntiSpyware Log Pt. 2

    .automobileclubofsoutherncalifornia.122.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .ehg-aaa.hitbox.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .hitbox.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .hitbox.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .evite.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .gocitymedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .internettrafficbuilder.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .cbsdigitalmedia.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .usatoday1.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .allbritton.122.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .overture.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .eyewonder.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .chitika.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    hpi.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .kantarmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .kantarmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .adserver.adtechus.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .serving-sys.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .dispatch.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .game-advertising-online.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .redorbit.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .associatedcontent.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .www.burstnet.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .viacom.adbureau.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .viacom.adbureau.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .homedepot.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .server.cpmstar.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .viacom.adbureau.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .viacom.adbureau.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .viacom.adbureau.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .enhance.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .enhance.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    cn.clickable.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .media.community.thenest.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .nextag.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .nextag.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    top5countdown.mevio.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    leads.specificmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    in.getclicky.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    cdn.jemamedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    cdn.jemamedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    cdn.jemamedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .invitemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    clixrevenue.camaweb_cama.information-seeking.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .revsci.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .insightexpressai.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .r1-ads.ace.advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    hpi.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .mediaplex.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .adviva.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .marriottinternational.122.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .ihg.db.advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .adviva.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    data.coremetrics.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .collective-media.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .theclickcheck.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .theclickcheck.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .theclickcheck.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .fastclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .ru4.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    ads.neudesicmediagroup.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    ads.neudesicmediagroup.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    ads.neudesicmediagroup.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    www.online-media-stats.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .adinterax.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    optimize.indieclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .server.cpmstar.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .server.cpmstar.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    ces.rotator.hadj1.adjuggler.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .mediaplex.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .adtech.de [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .timeinc.122.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .a1.interclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .interclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .collective-media.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .serving-sys.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .clickbank.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .adbrite.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .adbrite.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .madethecut.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .statcounter.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .media6degrees.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .boostmobile.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    sales.liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .realmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .invitemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .revsci.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .fastclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .fastclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    clicks.gotitsearch.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    ces.rotator.hadj1.adjuggler.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .realmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    adservices.google.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .fastclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .traveladvertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .traveladvertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    a.intentmedia.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .apmebf.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .hotels.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    statse.webtrendslive.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    sales.liveperson.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .goodpersonnecounter.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .goodpersonnecounter.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .msnbc.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .adinterax.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .track.parse.ly [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .casalemedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .kiplinger.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    www.cpcadnet.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    www.cpcadnet.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    www.cpcadnet.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    www.cpcadnet.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .lfstmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .zedo.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .adbrite.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .adbrite.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .target.db.advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .interclick.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .msnportal.112.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .statcounter.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .specificmedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .stats.paypal.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .winzip.122.2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    www.icityfind.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .advertise.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    www.plomedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    www.findstuff.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .shopica.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .media6degrees.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .media6degrees.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .specificclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .specificclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .specificclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .specificclick.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .2o7.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .revsci.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .revsci.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .revsci.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .revsci.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .adecn.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .mediabrandsww.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .adbrite.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .adbrite.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .overture.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .tracking.foxnews.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .tracking.foxnews.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .tracking.foxnews.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    stat.onestat.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    stat.onestat.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .andomedia.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .atwola.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .bs.serving-sys.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .serving-sys.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .serving-sys.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .serving-sys.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .tacoda.net [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .advertising.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
    .trafficmp.com [ C:\Documents and Settings\Miller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    From Mbam: Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.

    Mbam shows No action taken, which means you did not check the line for removal. Please run Mbam again. Be sure that everything is checked, and click Remove Selected.
    Did you change some setting for the proxy or server? This is what I see in DDS:
    uInternet Settings,ProxyServer = http=127.0.0.1:8074
    uInternet Settings,ProxyOverride = <local>

    Does your ISP require Port 8074?
    This port is used by Gadu-Gadu: A Polish instant messaging client using a proprietary protocol. As with ICQ, users are identified by unique serial numbers. Protocol's features include status messages, file sharing, and VoIP. Users may format and embed images in messages.
    ===============================
    SAS has a similar line. If you did not check it to remove all those tracking Cookies, run it again, check for removal, then do the following:
    Reset Cookies
    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
    ===========================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
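Added example (not part of the thread, and not code from DDS or Malwarebytes): a small parser for the `ProxyServer` / `ProxyOverride` lines quoted from the DDS log in the reply above, showing which protocols the setting actually routes through the local listener. The function names and the `DDS_SAMPLE` text are assumptions made for this example; the sample is constructed from the two lines in the post.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the two DDS lines quoted in the reply above.
DDS_SAMPLE = """\
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
"""

# DDS prints Internet Settings values as "<prefix>Internet Settings,<Name> = <value>".
DDS_SETTING = re.compile(r"Internet Settings,(\w+)\s*=\s*(.*)$")


@dataclass
class ProxyEntry:
    scheme: str            # "http", "https", "ftp", "socks", or "*" for every protocol
    host: str
    port: Optional[int]
    loopback: bool


def is_loopback(host: str) -> bool:
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False       # a DNS name; not resolved, so the check stays offline


def parse_proxy_server(value: str) -> List[ProxyEntry]:
    """Split a WinINET ProxyServer string into per-protocol entries.

    Accepts "host:port" (one proxy for all protocols) and the
    "http=host:port;https=host:port" per-protocol form.
    """
    entries = []
    for item in re.split(r"[;\s]+", value.strip()):
        if not item:
            continue
        scheme, sep, server = item.partition("=")
        if not sep:                              # plain "host:port"
            scheme, server = "*", item
        server = server.split("://", 1)[-1]      # tolerate "http=http://host:port"
        host, _, port = server.rpartition(":")
        if not host or not port.isdigit():       # no port given
            host, port = server, ""
        host = host.strip("[]")                  # bracketed IPv6 literal
        entries.append(ProxyEntry(scheme.lower(), host,
                                  int(port) if port else None, is_loopback(host)))
    return entries


def review_dds(log_text: str) -> List[str]:
    """Return human-readable findings for the proxy lines in a DDS log."""
    settings = {}
    for line in log_text.splitlines():
        m = DDS_SETTING.search(line.strip())
        if m:
            settings[m.group(1)] = m.group(2).strip()

    findings = []
    entries = parse_proxy_server(settings.get("ProxyServer", ""))
    covered = {e.scheme for e in entries}
    for e in entries:
        target = e.host if e.port is None else f"{e.host}:{e.port}"
        if e.loopback:
            findings.append(f"{e.scheme}: sent to a listener on this machine ({target}); "
                            "identify the process that owns the port")
        else:
            findings.append(f"{e.scheme}: sent to remote proxy {target}")
    # With the per-protocol form, protocols that are not listed go out directly.
    if entries and "*" not in covered and "socks" not in covered:
        direct = sorted({"http", "https", "ftp"} - covered)
        if direct:
            findings.append("not proxied (direct): " + ", ".join(direct))
    if settings.get("ProxyOverride") == "<local>":
        findings.append("ProxyOverride <local>: host names without a dot bypass the proxy")
    return findings


if __name__ == "__main__":
    for finding in review_dds(DDS_SAMPLE):
        print(finding)
```

The `ProxyServer` value only takes effect while `ProxyEnable` in the same registry key is 1, which the two DDS lines quoted in the post do not show.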
  19. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    Combofix Log

    I removed the items from mbam and here are the results of the combofix log. I'm still being redirected while I am posting this.

    ComboFix 11-01-29.02 - Miller 01/29/2011 23:41:28.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1560 [GMT -6:00]
    Running from: c:\documents and settings\Miller\My Documents\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
    .

    2011-01-30 05:33 . 2011-01-30 05:33 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79DBEA37-A0E6-453D-A232-54FD51A84587}\MpKsl1b4adc47.sys
    2011-01-29 14:29 . 2011-01-29 14:29 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79DBEA37-A0E6-453D-A232-54FD51A84587}\MpKsl21508f80.sys
    2011-01-29 14:28 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79DBEA37-A0E6-453D-A232-54FD51A84587}\mpengine.dll
    2011-01-28 20:56 . 2011-01-30 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
    2011-01-28 20:56 . 2011-01-28 20:56 -------- d-----w- c:\program files\Neoteris
    2011-01-28 20:55 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-01-28 20:55 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
    2011-01-28 20:55 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
    2011-01-28 20:55 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
    2011-01-28 20:54 . 2011-01-28 20:56 -------- d-----w- c:\documents and settings\Miller\Application Data\Juniper Networks
    2011-01-28 16:38 . 2011-01-28 16:38 -------- d-----w- c:\documents and settings\Miller\Application Data\SUPERAntiSpyware.com
    2011-01-28 16:38 . 2011-01-28 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-01-28 16:38 . 2011-01-28 16:38 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-28 04:33 . 2011-01-28 04:33 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-01-27 18:06 . 2011-01-27 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2011-01-23 23:54 . 2011-01-24 00:05 -------- d-----w- c:\windows\.jagex_cache_32
    2011-01-23 23:53 . 2011-01-23 23:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-01-23 23:53 . 2011-01-23 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-06 23:53 . 2011-01-06 23:53 -------- d-----w- c:\documents and settings\Miller\Application Data\Malwarebytes
    2011-01-06 23:53 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-06 23:53 . 2011-01-06 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-01-06 23:53 . 2011-01-06 23:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-06 23:53 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-13 09:41 . 2010-12-11 03:19 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-11-18 18:12 . 2006-03-16 04:00 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52 . 2006-03-16 04:00 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2006-03-16 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2006-03-16 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2006-03-16 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2006-03-16 04:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2006-03-16 04:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-09 136176]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
    "nwiz"="nwiz.exe" [2006-08-18 1617920]
    "MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
    "DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
    Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Runes of Magic\\Client.exe"=
    "c:\\WINDOWS\\system32\\dlbtcoms.exe"=
    "c:\\Documents and Settings\\Miller\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

    R1 MpKsl1b4adc47;MpKsl1b4adc47;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79DBEA37-A0E6-453D-A232-54FD51A84587}\MpKsl1b4adc47.sys [1/29/2011 11:33 PM 28752]
    R1 MpKsl21508f80;MpKsl21508f80;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79DBEA37-A0E6-453D-A232-54FD51A84587}\MpKsl21508f80.sys [1/29/2011 8:29 AM 28752]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
    S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 2:39 PM 61952]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MPKSL1B4ADC47
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-30 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 03:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-29 23:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????[??????Y?@?????<?@
    DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600

    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    kernel: MBR read successfully
    user != kernel MBR !!!

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(836)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-01-29 23:46:40
    ComboFix-quarantined-files.txt 2011-01-30 05:46

    Pre-Run: 41,663,795,200 bytes free
    Post-Run: 41,659,813,888 bytes free

    - - End Of File - - 3B0D23D62EB384B8652610492EF6EFD8
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Explain please. Redirects happen when you do a search and get redirected to a different site when you choose a URL
    ==========================================
    The deletion of this D:\Autorun.inf in Combofix suggests you had a possible FlashDrive infection:
    Threat Removal Procedure:

      [1]. Download Flash_Disinfector and save it to your Desktop.
      [2]. After downloading, double-click on Flash_Disinfector to run it.
      [3]. Just follow the prompts and continue until it begins scanning.
      [4]. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
      [5]. It will scan removable drives, wait for the scan to finish. Done.

    What will Flash Disinfector Do
    - Clean up junks created by flash malwares
    - Deletes autorun.inf from every root folder
    - Fix back damages done to your system
    - Creates an autorun.inf folder in the root of your system drives

    The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.
    Please do so and allow the utility to clean up those drives as well.
    Wait until it has finished scanning and then exit the program.
    Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
    ===================================================
  21. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    Yes, when I click on a search result it usually takes me to the initial page I selected but while the page is loading it then takes me to a black page with a white square in the middle talking about IQ or some other strange topic (I get redirected to other sites as well but mostly this page). Many times the word "amazonaws" is in the redirected page address. But this also happens when I click any website (like this one) from my email or from a bookmarked tab. 90% of the time I click the stop button once I open a page so the page stops loading and I won't get redirected.
  22. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    I ran the Flash Disinfector. The only external thing I plug into the USB port is our printer. Do I need to plug in the printer before running this?
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    amazonaws is the Amazon Web Services. It includes:
    Amazon Simple Storage Service > http://aws.amazon.com/s3/
    Amazon CloudFront FAQs
    Amazon Simple Queue Service
    Amazon Simple Notification Service
    Product information can be found on this AWS Amazon.com SITE

    However, I found a security site that has this to say: amazonaws.com plays host to wide variety of bad bots >> Spiders, Crawlers and web robots Intelligence on search engine spider bots and identification, bad bots from spam botnets, content scrapers, tools to identify web robots, blocking malicious bots.
    Details about the bots can be found here: http://www.webmasterworld.com/search_engine_spiders/3828718.htm (it's over my head!)

    I looked through all 10,000 of the Tracking Cookies you accumulated and also your installed programs to see if I could spot anything related- I couldn't, but that doesn't mean it's not there. Let's try blocking the AWS (Amazon Web Services) Domain.
    Go to the Control Panel> Internet Options> Security tab> Restricted sites> Sites> type each of the following IP addresses in, one at a time> click Add after each one: Just type in the number string:
    IP 67.202.0.0/18
    IP 72.44.32.0/19
    IP 75.101.128.0/17
    IP 79.125.0.0/17
    IP 174.129.0.0/16
    IP 204.236.128.0/17
    IP 204.236.224.0/19
    IP 216.182.224.0/20

    When finished> click on OK> Apply> OK

    You can also restrict this:
    *.amazonaws.com

    For other browsers, there should be a similar section to type in 'Exclusions.' In Firefox: Tools> Options> Privacy> Cookies section> Exclusions to allow Cookies from a site> Type each of the same IP in the box. A site won't load if you don't accept a Cookie.

    Give that a try and see if you notice any difference.
  24. abcdmm

    abcdmm TS Rookie Topic Starter Posts: 17

    Ok it's been blocked for a few days now and I haven't had anymore redirects from amazonaws. I've still had a few redirects from any page (including this one) to random gaming sites or advertisements.
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thanks for your patience- my internet was down for almost 2 days.

    You shouldn't be downloading new programs while we're cleaning: here's one example:
    2011-01-28 20:56 -------- d-----w- c:\program files\Neoteris
    Especially one that is specifically for remote access: Neoteris’ market leading “clientless” SSL VPN remote access> this can add or change entries in the logs I'm working with.

    I'm still having a problem understanding your 'redirects'- especially when you say:
    What puzzles me is your saying you get redirects from instead of to.

    Tell me please how you are getting redirected while on TechSpot.

    Did you remove all of the Tracking Cookies? Did you reset the Cookies in browsers you're using? How about a new scan with Superantispyware to make sure we have that under control. The games and ads will be coming from 3rd party Cookies. If you reset the Cookies, the ads and games shouldn't be able to access the system.