[Inactive] Malwarebytes Blocks Remote IP Connections in Firefox, Skype, etc. - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 35

Thread: [Inactive] Malwarebytes Blocks Remote IP Connections in Firefox, Skype, etc.

  1. #16
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,481
    I can't continue.
    You didn't say:
    What are the current issues?

  2. #17
    Join Date
    Dec 2011
    Posts
    22
    Issues: My machine will sometimes just restart to a windows/system32/hal.dll error and when inside windows i get these types of errors from malwarebytes. I have looked up the IPs and they are malware sites.








  3. #18
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,481
    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

  4. #19
    Join Date
    Dec 2011
    Posts
    22
    Thanks for the response, was gone on holiday but back, here is your report back


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c600000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    119 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...

  5. #20
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,481
    Is your Norton updated and active?

  6. #21
    Join Date
    Dec 2011
    Posts
    22
    Yes, i do have it installed and updated, here is the log file from your .exe.


    .\debug.cpp(238) : Debug log started at 03.01.2012 - 13:57:52
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 64-bit
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x0301b000 0x005e9000 "\SystemRoot\system32\ntoskrnl.exe"
    .\debug.cpp(256) : 0x03604000 0x00049000 "\SystemRoot\system32\hal.dll"
    .\debug.cpp(256) : 0x00bbb000 0x0000a000 "\SystemRoot\system32\kdcom.dll"
    .\debug.cpp(256) : 0x00c7a000 0x0004f000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
    .\debug.cpp(256) : 0x00cc9000 0x00014000 "\SystemRoot\system32\PSHED.dll"
    .\debug.cpp(256) : 0x00cdd000 0x0005e000 "\SystemRoot\system32\CLFS.SYS"
    .\debug.cpp(256) : 0x00d3b000 0x000c0000 "\SystemRoot\system32\CI.dll"
    .\debug.cpp(256) : 0x00ee5000 0x000a4000 "\SystemRoot\system32\drivers\Wdf01000.sys"
    .\debug.cpp(256) : 0x00f89000 0x0000f000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
    .\debug.cpp(256) : 0x00f98000 0x00057000 "\SystemRoot\system32\drivers\ACPI.sys"
    .\debug.cpp(256) : 0x00fef000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
    .\debug.cpp(256) : 0x00e00000 0x0000a000 "\SystemRoot\system32\drivers\msisadrv.sys"
    .\debug.cpp(256) : 0x00e0a000 0x00033000 "\SystemRoot\system32\drivers\pci.sys"
    .\debug.cpp(256) : 0x00e3d000 0x0000d000 "\SystemRoot\system32\drivers\vdrvroot.sys"
    .\debug.cpp(256) : 0x00e4a000 0x00015000 "\SystemRoot\System32\drivers\partmgr.sys"
    .\debug.cpp(256) : 0x00e5f000 0x00015000 "\SystemRoot\system32\drivers\volmgr.sys"
    .\debug.cpp(256) : 0x00e74000 0x0005c000 "\SystemRoot\System32\drivers\volmgrx.sys"
    .\debug.cpp(256) : 0x00ed0000 0x00007000 "\SystemRoot\system32\drivers\pciide.sys"
    .\debug.cpp(256) : 0x00c00000 0x00010000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
    .\debug.cpp(256) : 0x00ed7000 0x00002000 "\SystemRoot\system32\DRIVERS\AiCharger.sys"
    .\debug.cpp(256) : 0x00c10000 0x0001a000 "\SystemRoot\System32\drivers\mountmgr.sys"
    .\debug.cpp(256) : 0x00c2a000 0x0003c000 "\SystemRoot\system32\drivers\vmbus.sys"
    .\debug.cpp(256) : 0x00c66000 0x00014000 "\SystemRoot\system32\drivers\winhv.sys"
    .\debug.cpp(256) : 0x00ed9000 0x00009000 "\SystemRoot\system32\drivers\atapi.sys"
    .\debug.cpp(256) : 0x010a3000 0x0002a000 "\SystemRoot\system32\drivers\ataport.SYS"
    .\debug.cpp(256) : 0x010cd000 0x0000b000 "\SystemRoot\system32\drivers\amdxata.sys"
    .\debug.cpp(256) : 0x010d8000 0x0004c000 "\SystemRoot\system32\drivers\fltmgr.sys"
    .\debug.cpp(256) : 0x01124000 0x00014000 "\SystemRoot\system32\drivers\fileinfo.sys"
    .\debug.cpp(256) : 0x01138000 0x0000c000 "\SystemRoot\System32\Drivers\PxHlpa64.sys"
    .\debug.cpp(256) : 0x01213000 0x001a3000 "\SystemRoot\System32\Drivers\Ntfs.sys"
    .\debug.cpp(256) : 0x01144000 0x0005e000 "\SystemRoot\System32\Drivers\msrpc.sys"
    .\debug.cpp(256) : 0x013b6000 0x0001b000 "\SystemRoot\System32\Drivers\ksecdd.sys"
    .\debug.cpp(256) : 0x01000000 0x00072000 "\SystemRoot\System32\Drivers\cng.sys"
    .\debug.cpp(256) : 0x013d1000 0x00011000 "\SystemRoot\System32\drivers\pcw.sys"
    .\debug.cpp(256) : 0x013e2000 0x0000a000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
    .\debug.cpp(256) : 0x0147a000 0x000f3000 "\SystemRoot\system32\drivers\ndis.sys"
    .\debug.cpp(256) : 0x0156d000 0x00060000 "\SystemRoot\system32\drivers\NETIO.SYS"
    .\debug.cpp(256) : 0x015cd000 0x0002b000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
    .\debug.cpp(256) : 0x01675000 0x00204000 "\SystemRoot\System32\drivers\tcpip.sys"
    .\debug.cpp(256) : 0x01879000 0x0004a000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
    .\debug.cpp(256) : 0x018c3000 0x000f0000 "\SystemRoot\system32\DRIVERS\timntr.sys"
    .\debug.cpp(256) : 0x019b3000 0x00010000 "\SystemRoot\system32\drivers\vmstorfl.sys"
    .\debug.cpp(256) : 0x01600000 0x0004c000 "\SystemRoot\system32\drivers\volsnap.sys"
    .\debug.cpp(256) : 0x01a37000 0x00137000 "\SystemRoot\system32\DRIVERS\tdrpm273.sys"
    .\debug.cpp(256) : 0x01b6e000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
    .\debug.cpp(256) : 0x01b76000 0x00046000 "\SystemRoot\system32\DRIVERS\snapman.sys"
    .\debug.cpp(256) : 0x01bbc000 0x0003a000 "\SystemRoot\System32\drivers\rdyboost.sys"
    .\debug.cpp(256) : 0x01a00000 0x00012000 "\SystemRoot\System32\Drivers\mup.sys"
    .\debug.cpp(256) : 0x01a12000 0x00009000 "\SystemRoot\System32\drivers\hwpolicy.sys"
    .\debug.cpp(256) : 0x019c3000 0x0003a000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
    .\debug.cpp(256) : 0x01a1b000 0x00016000 "\SystemRoot\system32\DRIVERS\disk.sys"
    .\debug.cpp(256) : 0x01400000 0x00030000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
    .\debug.cpp(256) : 0x01443000 0x0002a000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
    .\debug.cpp(256) : 0x040ae000 0x00073000 "\SystemRoot\System32\Drivers\SRTSP64.SYS"
    .\debug.cpp(256) : 0x04121000 0x00036000 "\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS"
    .\debug.cpp(256) : 0x04177000 0x00014000 "\SystemRoot\System32\Drivers\SRTSPX64.SYS"
    .\debug.cpp(256) : 0x0418b000 0x00009000 "\SystemRoot\System32\Drivers\Null.SYS"
    .\debug.cpp(256) : 0x04194000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
    .\debug.cpp(256) : 0x0419b000 0x0000e000 "\SystemRoot\System32\drivers\vga.sys"
    .\debug.cpp(256) : 0x041a9000 0x00025000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
    .\debug.cpp(256) : 0x041ce000 0x00010000 "\SystemRoot\System32\drivers\watchdog.sys"
    .\debug.cpp(256) : 0x041de000 0x00009000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
    .\debug.cpp(256) : 0x041e7000 0x00009000 "\SystemRoot\system32\drivers\rdpencdd.sys"
    .\debug.cpp(256) : 0x041f0000 0x00009000 "\SystemRoot\system32\drivers\rdprefmp.sys"
    .\debug.cpp(256) : 0x04000000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
    .\debug.cpp(256) : 0x0400b000 0x00011000 "\SystemRoot\System32\Drivers\Npfs.SYS"
    .\debug.cpp(256) : 0x0401c000 0x00022000 "\SystemRoot\system32\DRIVERS\tdx.sys"
    .\debug.cpp(256) : 0x0403e000 0x0000d000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
    .\debug.cpp(256) : 0x0404b000 0x00012000 "\??\C:\Windows\system32\drivers\wpsdrvnt.sys"
    .\debug.cpp(256) : 0x02ec5000 0x00089000 "\SystemRoot\system32\drivers\afd.sys"
    .\debug.cpp(256) : 0x02f4e000 0x00045000 "\SystemRoot\System32\DRIVERS\netbt.sys"
    .\debug.cpp(256) : 0x02f93000 0x00009000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
    .\debug.cpp(256) : 0x02f9c000 0x00026000 "\SystemRoot\system32\DRIVERS\pacer.sys"
    .\debug.cpp(256) : 0x02fc2000 0x0000f000 "\SystemRoot\system32\DRIVERS\netbios.sys"
    .\debug.cpp(256) : 0x02fd1000 0x0001b000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
    .\debug.cpp(256) : 0x02fec000 0x00014000 "\SystemRoot\system32\drivers\termdd.sys"
    .\debug.cpp(256) : 0x02e00000 0x0001a000 "\SystemRoot\System32\Drivers\SCDEmu.SYS"
    .\debug.cpp(256) : 0x02e1a000 0x00051000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
    .\debug.cpp(256) : 0x02e6b000 0x0000c000 "\SystemRoot\system32\drivers\nsiproxy.sys"
    .\debug.cpp(256) : 0x02e77000 0x0000b000 "\SystemRoot\system32\drivers\mssmbios.sys"
    .\debug.cpp(256) : 0x04414000 0x00079000 "\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys"
    .\debug.cpp(256) : 0x0448d000 0x00026000 "\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"
    .\debug.cpp(256) : 0x044b3000 0x0000f000 "\SystemRoot\System32\drivers\discache.sys"
    .\debug.cpp(256) : 0x044c2000 0x0001e000 "\SystemRoot\System32\Drivers\dfsc.sys"
    .\debug.cpp(256) : 0x044e0000 0x00011000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
    .\debug.cpp(256) : 0x044f1000 0x00006000 "\SystemRoot\SysWow64\drivers\AsIO.sys"
    .\debug.cpp(256) : 0x044f7000 0x00026000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
    .\debug.cpp(256) : 0x0451d000 0x00016000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
    .\debug.cpp(256) : 0x04ae9000 0x00617000 "\SystemRoot\system32\DRIVERS\atikmdag.sys"
    .\debug.cpp(256) : 0x05100000 0x000f4000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
    .\debug.cpp(256) : 0x04a00000 0x00046000 "\SystemRoot\System32\drivers\dxgmms1.sys"
    .\debug.cpp(256) : 0x04a46000 0x00024000 "\SystemRoot\system32\drivers\HDAudBus.sys"
    .\debug.cpp(256) : 0x04a6a000 0x00011000 "\SystemRoot\system32\drivers\usbehci.sys"
    .\debug.cpp(256) : 0x04a7b000 0x00056000 "\SystemRoot\system32\drivers\USBPORT.SYS"
    .\debug.cpp(256) : 0x04533000 0x00030000 "\SystemRoot\system32\DRIVERS\nusb3xhc.sys"
    .\debug.cpp(256) : 0x04ad1000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
    .\debug.cpp(256) : 0x04ad3000 0x0000d000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
    .\debug.cpp(256) : 0x04563000 0x00039000 "\SystemRoot\system32\DRIVERS\Rt64win7.sys"
    .\debug.cpp(256) : 0x0459c000 0x0003e000 "\SystemRoot\system32\drivers\1394ohci.sys"
    .\debug.cpp(256) : 0x04ae0000 0x00008000 "\SystemRoot\system32\DRIVERS\ASACPI.sys"
    .\debug.cpp(256) : 0x051f4000 0x00009000 "\SystemRoot\system32\drivers\wmiacpi.sys"
    .\debug.cpp(256) : 0x045da000 0x00010000 "\SystemRoot\system32\drivers\CompositeBus.sys"
    .\debug.cpp(256) : 0x045ea000 0x00007000 "\SystemRoot\system32\DRIVERS\vncmirror.sys"
    .\debug.cpp(256) : 0x045f1000 0x00007000 "\SystemRoot\system32\DRIVERS\lmimirr.sys"
    .\debug.cpp(256) : 0x045f8000 0x00008000 "\SystemRoot\system32\DRIVERS\serscan.sys"
    .\debug.cpp(256) : 0x04400000 0x00006000 "\SystemRoot\system32\drivers\ksthunk.sys"
    .\debug.cpp(256) : 0x02e82000 0x00043000 "\SystemRoot\system32\drivers\ks.sys"
    .\debug.cpp(256) : 0x0405d000 0x00016000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
    .\debug.cpp(256) : 0x04073000 0x00024000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
    .\debug.cpp(256) : 0x04406000 0x0000c000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
    .\debug.cpp(256) : 0x01072000 0x0002f000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
    .\debug.cpp(256) : 0x011a2000 0x0001b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
    .\debug.cpp(256) : 0x011bd000 0x00021000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
    .\debug.cpp(256) : 0x011de000 0x0001a000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
    .\debug.cpp(256) : 0x04097000 0x0000b000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
    .\debug.cpp(256) : 0x01666000 0x0000f000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
    .\debug.cpp(256) : 0x013ec000 0x0000f000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
    .\debug.cpp(256) : 0x05452000 0x0003d000 "\SystemRoot\system32\DRIVERS\teefer2.sys"
    .\debug.cpp(256) : 0x0548f000 0x00002000 "\SystemRoot\system32\drivers\swenum.sys"
    .\debug.cpp(256) : 0x05491000 0x00012000 "\SystemRoot\system32\DRIVERS\umbus.sys"
    .\debug.cpp(256) : 0x054a3000 0x0005a000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
    .\debug.cpp(256) : 0x054fd000 0x00018000 "\SystemRoot\system32\DRIVERS\nusb3hub.sys"
    .\debug.cpp(256) : 0x05515000 0x00015000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
    .\debug.cpp(256) : 0x0552a000 0x0005c000 "\SystemRoot\system32\drivers\HdAudio.sys"
    .\debug.cpp(256) : 0x05586000 0x0003d000 "\SystemRoot\system32\drivers\portcls.sys"
    .\debug.cpp(256) : 0x055c3000 0x00022000 "\SystemRoot\system32\drivers\drmk.sys"
    .\debug.cpp(256) : 0x055e5000 0x0000e000 "\SystemRoot\System32\Drivers\crashdmp.sys"
    .\debug.cpp(256) : 0x055f3000 0x0000c000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
    .\debug.cpp(256) : 0x05400000 0x00009000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
    .\debug.cpp(256) : 0x05409000 0x00013000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
    .\debug.cpp(256) : 0x00080000 0x00314000 "\SystemRoot\System32\win32k.sys"
    .\debug.cpp(256) : 0x0541c000 0x0000c000 "\SystemRoot\System32\drivers\Dxapi.sys"
    .\debug.cpp(256) : 0x05428000 0x0000e000 "\SystemRoot\system32\DRIVERS\monitor.sys"
    .\debug.cpp(256) : 0x00490000 0x0000a000 "\SystemRoot\System32\TSDDD.dll"
    .\debug.cpp(256) : 0x00620000 0x00027000 "\SystemRoot\System32\cdd.dll"
    .\debug.cpp(256) : 0x008b0000 0x00061000 "\SystemRoot\System32\ATMFD.DLL"
    .\debug.cpp(256) : 0x02a00000 0x00023000 "\SystemRoot\system32\drivers\luafv.sys"
    .\debug.cpp(256) : 0x02a23000 0x00021000 "\SystemRoot\system32\drivers\WudfPf.sys"
    .\debug.cpp(256) : 0x02a44000 0x00025000 "\SystemRoot\System32\Drivers\DefragFS.SYS"
    .\debug.cpp(256) : 0x02a69000 0x00015000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
    .\debug.cpp(256) : 0x02a7e000 0x00018000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
    .\debug.cpp(256) : 0x02a96000 0x000c9000 "\SystemRoot\system32\drivers\HTTP.sys"
    .\debug.cpp(256) : 0x02b5f000 0x0001e000 "\SystemRoot\system32\DRIVERS\bowser.sys"
    .\debug.cpp(256) : 0x02b7d000 0x00018000 "\SystemRoot\System32\drivers\mpsdrv.sys"
    .\debug.cpp(256) : 0x02b95000 0x00028000 "\SystemRoot\system32\drivers\mrxdav.sys"
    .\debug.cpp(256) : 0x02bbd000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
    .\debug.cpp(256) : 0x06afd000 0x0004e000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
    .\debug.cpp(256) : 0x06b4b000 0x00024000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
    .\debug.cpp(256) : 0x06b6f000 0x0003b000 "\??\C:\Windows\system32\drivers\WpsHelper.sys"
    .\debug.cpp(256) : 0x06baa000 0x0000e000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
    .\debug.cpp(256) : 0x06bb8000 0x00019000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
    .\debug.cpp(256) : 0x06bd1000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
    .\debug.cpp(256) : 0x06bda000 0x00016000 "\SystemRoot\system32\DRIVERS\LHidFilt.Sys"
    .\debug.cpp(256) : 0x06bf0000 0x0000e000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
    .\debug.cpp(256) : 0x06a00000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
    .\debug.cpp(256) : 0x06a0d000 0x00014000 "\SystemRoot\system32\DRIVERS\LMouFilt.Sys"
    .\debug.cpp(256) : 0x06a21000 0x00007000 "\??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys"
    .\debug.cpp(256) : 0x06a28000 0x00013000 "\??\C:\Windows\system32\drivers\LMIRfsDriver.sys"
    .\debug.cpp(256) : 0x06a3b000 0x000a6000 "\SystemRoot\system32\drivers\peauth.sys"
    .\debug.cpp(256) : 0x06ae1000 0x0000b000 "\SystemRoot\System32\Drivers\secdrv.SYS"
    .\debug.cpp(256) : 0x0740a000 0x0002a000 "\??\D:\Program Files\Sandboxie\SbieDrv.sys"
    .\debug.cpp(256) : 0x07434000 0x00031000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
    .\debug.cpp(256) : 0x07465000 0x00012000 "\SystemRoot\System32\drivers\tcpipreg.sys"
    .\debug.cpp(256) : 0x07477000 0x00047000 "\SystemRoot\system32\DRIVERS\afcdp.sys"
    .\debug.cpp(256) : 0x074be000 0x00069000 "\SystemRoot\System32\DRIVERS\srv2.sys"
    .\debug.cpp(256) : 0x07527000 0x00098000 "\SystemRoot\System32\DRIVERS\srv.sys"
    .\debug.cpp(256) : 0x075bf000 0x0002e000 "\SystemRoot\System32\drivers\rdpdr.sys"
    .\debug.cpp(256) : 0x075ed000 0x0000a000 "\SystemRoot\system32\DRIVERS\umpass.sys"
    .\debug.cpp(256) : 0x06aec000 0x0000b000 "\SystemRoot\system32\drivers\tdtcp.sys"
    .\debug.cpp(256) : 0x02bea000 0x0000f000 "\SystemRoot\System32\DRIVERS\tssecsrv.sys"
    .\debug.cpp(256) : 0x08627000 0x00039000 "\SystemRoot\System32\Drivers\RDPWD.SYS"
    .\debug.cpp(256) : 0x08660000 0x0000a000 "\??\C:\Windows\system32\drivers\mbam.sys"
    .\debug.cpp(256) : 0x086db000 0x0000b000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
    .\debug.cpp(256) : 0x0872c000 0x0001d000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
    .\debug.cpp(256) : 0x08749000 0x0001b000 "\SystemRoot\system32\drivers\usbaudio.sys"
    .\debug.cpp(256) : 0x04206000 0x001f8000 "\??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120102.018\EX64.SYS"
    .\debug.cpp(256) : 0x08784000 0x00020000 "\??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120102.018\ENG64.SYS"
    .\debug.cpp(256) : 0x77910000 0x001a9000 "\Windows\System32\ntdll.dll"
    .\debug.cpp(256) : 0x47d60000 0x00020000 "\Windows\System32\smss.exe"
    .\debug.cpp(256) : 0xffc30000 0x00050000 "\Windows\System32\apisetschema.dll"
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
    .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
    .\debug.cpp(400) : Destination "\Device\00000058"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1717502&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev3"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
    .\debug.cpp(400) : Destination "\Device\Video4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000048"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RaxcoPerfectDisk"
    .\debug.cpp(400) : Destination "\Device\RaxcoPerfectDisk"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1459AE07-352E-4CAA-8082-BF812BDFE898}"
    .\debug.cpp(400) : Destination "\Device\NDMP16"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MBAMProtector"
    .\debug.cpp(400) : Destination "\Device\MBAMProtector"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
    .\debug.cpp(400) : Destination "\Device\Video0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev4"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
    .\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DISPLAY#0000#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
    .\debug.cpp(400) : Destination "\Device\00000008"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000056"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9442&SUBSYS_20091787&REV_00#4&113c73b2&0&0018#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C4C56974-F87A-47AE-80DC-491A10ED5F36}"
    .\debug.cpp(400) : Destination "\Device\NDMP4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
    .\debug.cpp(400) : Destination "\Device\Harddisk1\DR1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev5"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrv11120"
    .\debug.cpp(400) : Destination "\Device\EraserUtilDrv11120"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000004e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
    .\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AcroVBus"
    .\debug.cpp(400) : Destination "\Device\AcroVBus"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C71C&Col01#9&1452f3a0&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000096"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_047F&PID_4254&MI_03&Col02#9&19b5bc11&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\000000ab"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
    .\debug.cpp(400) : Destination "\Device\Psched"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev6"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000051"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_05E3&PID_0608#6&3a6a7fd9&0&5#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tdrpman"
    .\debug.cpp(400) : Destination "\Device\tdrpman"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev7"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev10"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd10"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000056"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASUSIPHONE11"
    .\debug.cpp(400) : Destination "\Device\ASUSIPHONE11"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C71B#9&5da3677&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000094"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
    .\debug.cpp(400) : Destination "\Device\AscKmd"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_047F&PID_4254&MI_00#8&27f93b67&0&0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\000000a7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C71C&Col04#9&1452f3a0&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000099"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{631fecd6-0420-11e0-b2bd-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{183ceaf0-5f94-11df-879b-e0cb4e8fde3b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev8"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev11"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd11"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMIInfo"
    .\debug.cpp(400) : Destination "\Device\LMIInfo"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\afcdp"
    .\debug.cpp(400) : Destination "\Device\afcdp"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9442&SUBSYS_20091787&REV_00#4&113c73b2&0&0018#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev9"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev12"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd12"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD9"
    .\debug.cpp(400) : Destination "\??\PCI#VEN_1033&DEV_0194&SUBSYS_84131043&REV_03#6&1a5f8ad8&0&000800E0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000053"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\000000a1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E43D242B-9EAB-4626-A952-46649FBB939A}"
    .\debug.cpp(400) : Destination "\Device\NDMP6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUSB3#ROOT_HUB30#7&32e51b9d&3#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\0000007c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B3C&SUBSYS_83831043&REV_06#3&11583659&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c8d2357d-7d03-11e0-8ea6-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#7&272a2990&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde3Channel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev13"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd13"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev20"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd20"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
    .\debug.cpp(400) : Destination "\Device\AgileVPN"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C1FCC185-55B3-4E00-814B-C588A13525E1}#VID_046D&PID_C71C&REV_0101&Col01&HidFilt#a&252be9ed&0&00#{d21a038a-7762-4451-a518-d571b1a7a24a}"
    .\debug.cpp(400) : Destination "\Device\0000009e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C1FCC185-55B3-4E00-814B-C588A13525E1}#VID_046D&PID_C71B&REV_0101&HidFilt#a&17c8e83c&0&00#{a977f711-0c14-45cb-bd65-36da522b189a}"
    .\debug.cpp(400) : Destination "\Device\00000095"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000004a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c8d2357e-7d03-11e0-8ea6-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev14"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd14"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev21"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd21"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
    .\debug.cpp(400) : Destination "\Device\USBFDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DISPLAY#0001#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
    .\debug.cpp(400) : Destination "\Device\00000009"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
    .\debug.cpp(400) : Destination "\Device\IPSECDOSP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
    .\debug.cpp(400) : Destination "\Device\PEAuth"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev15"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd15"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev22"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd22"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
    .\debug.cpp(400) : Destination "\Device\Video5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpsHelper"
    .\debug.cpp(400) : Destination "\Device\WpsHelper"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B34&SUBSYS_83831043&REV_06#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
    .\debug.cpp(400) : Destination "\Device\Mup"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
    .\debug.cpp(400) : Destination "\Device\Video1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev16"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd16"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
    .\debug.cpp(400) : Destination "\Device\NDMP8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomASUS_DRW-24B1ST_________________________1.04____#8&2374c1fa&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
    .\debug.cpp(400) : Destination "\Device\Tcp"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev17"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd17"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilRebootDrv"
    .\debug.cpp(400) : Destination "\Device\EraserUtilDrv11120"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_1532&PID_0016#9&3207d1a6&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000009d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&IPBusEnumRoot#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\0000009f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
    .\debug.cpp(400) : Destination "\Device\ASYNCMAC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000055"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
    .\debug.cpp(400) : Destination "\Device\SPDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev18"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd18"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000056"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Asusgio"
    .\debug.cpp(400) : Destination "\Device\Asusgio"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C71B#9&5da3677&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000094"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_1532&PID_0016#9&3207d1a6&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000009d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#7&272a2990&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde3Channel1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&2d54ac1e&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
    .\debug.cpp(400) : Destination "\Device\WANARP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev19"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd19"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
    .\debug.cpp(400) : Destination "\DosDevices\LPT1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000004d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#5&345abc8e&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
    .\debug.cpp(400) : Destination "\Device\00000081"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASUSIPHONE12"
    .\debug.cpp(400) : Destination "\Device\ASUSIPHONE12"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_8087&PID_0020#5&203162ce&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000047"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1033&DEV_0194&SUBSYS_84131043&REV_03#6&1a5f8ad8&0&000800E0#{ac051b02-603b-4b3c-b14b-95c9268de081}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
    .\debug.cpp(400) : Destination "\Device\00000056"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel(R)_Core(TM)_i5_CPU_________750__@_2.67GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\0000005b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1106&DEV_4441&SUBSYS_104383D0&REV_1001#4&9662f7f&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
    .\debug.cpp(400) : Destination "\Device\00000084"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#WDE169E#5&3ad91382&0&UID257#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
    .\debug.cpp(400) : Destination "\Device\0000008c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
    .\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000054"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVENG"
    .\debug.cpp(400) : Destination "\Device\NAVENG"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv"
    .\debug.cpp(400) : Destination "\Device\EraserCtrlDrv"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000056"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000050"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\snapman546"
    .\debug.cpp(400) : Destination "\Device\snapman546"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_05E3&PID_0608#7&1c034b5f&1&4#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_047F&PID_0008#7&1c034b5f&1&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-12"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
    .\debug.cpp(400) : Destination "\Device\MountPointManager"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E301A52-AFFA-4F49-B9CA-C79096A1A056}"
    .\debug.cpp(400) : Destination "\Device\NDMP10"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BDDA6DD7-A73D-4B93-964C-5213C106606A}"
    .\debug.cpp(400) : Destination "\Device\NDMP3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C1FCC185-55B3-4E00-814B-C588A13525E1}#VID_046D&PID_C71C&REV_0101&Col01&MouFilt#a&252be9ed&0&00#{efbbd94f-3314-42ef-a495-4389f3715704}"
    .\debug.cpp(400) : Destination "\Device\0000009c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_83A31043&REV_03#4&100198e&0&00E4#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
    .\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000004c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000048"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000049"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000004a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY7"
    .\debug.cpp(400) : Destination "\Device\Video6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
    .\debug.cpp(400) : Destination "\GLOBAL??"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A62962F7-1611-49FE-A6A6-5C3A10E3320D}"
    .\debug.cpp(400) : Destination "\Device\NDMP2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C71C&Col02#9&1452f3a0&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000097"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVEX15"
    .\debug.cpp(400) : Destination "\Device\NAVEX15"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
    .\debug.cpp(400) : Destination "\Device\Video2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1106&DEV_4441&SUBSYS_104383D0&REV_1001#4&9662f7f&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000084"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPBusEnumRoot#UMB#2&ba1ffa4&0&uuid:FAC45800-6161-FB38-DF1E-02EF5C99E1F0#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\000000a0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
    .\debug.cpp(400) : Destination "\clfs"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#5&8721e11&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde2Channel1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000052"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#5&345abc8e&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
    .\debug.cpp(400) : Destination "\Device\00000081"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#WDE169E#5&3ad91382&0&UID256#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
    .\debug.cpp(400) : Destination "\Device\0000008b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#IMAGE#0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
    .\debug.cpp(400) : Destination "\Device\0000000a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1033&DEV_0194&SUBSYS_84131043&REV_03#6&1a5f8ad8&0&000800E0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_047F&PID_4254&MI_03&Col01#9&19b5bc11&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\000000aa"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD1500AHFD-00RAR5___________________21.07QR5#5&1aa0e66b&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP5T0L0-6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
    .\debug.cpp(400) : Destination "\Device\00000058"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WPS"
    .\debug.cpp(400) : Destination "\Device\WPS"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{99D8F1AC-B3EB-429A-992F-C88470B59E0B}"
    .\debug.cpp(400) : Destination "\Device\NDMP13"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000061"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
    .\debug.cpp(400) : Destination "\Device\VolMgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#5&8721e11&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde2Channel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk1Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
    .\debug.cpp(400) : Destination "\Device\NDMP7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000054"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Teefer2"
    .\debug.cpp(400) : Destination "\Device\Teefer2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{78032B7E-4968-42D3-9F37-287EA86C0AAA}"
    .\debug.cpp(400) : Destination "\Device\NDMP17"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#5&345abc8e&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000081"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSPX"
    .\debug.cpp(400) : Destination "\Device\SRTSPX"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
    .\debug.cpp(400) : Destination "\Device\MailSlot"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
    .\debug.cpp(400) : Destination "\Device\VolMgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000059"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
    .\debug.cpp(400) : Destination "\Device\WANARPV6"
    .\debug.cpp(409) : --

  7. #22
    Join Date
    Dec 2011
    Posts
    22
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASUSIPHONE0"
    .\debug.cpp(400) : Destination "\Device\ASUSIPHONE0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#WDE169E#5&3ad91382&0&UID256#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
    .\debug.cpp(400) : Destination "\Device\0000008b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C71C&Col03#9&1452f3a0&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000098"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000004c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
    .\debug.cpp(400) : Destination "\Device\FsWrap"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASUSIPHONE1"
    .\debug.cpp(400) : Destination "\Device\ASUSIPHONE1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&3bdc237&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
    .\debug.cpp(400) : Destination "\Device\Nsi"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1106&DEV_4441&SUBSYS_104383D0&REV_1001#4&9662f7f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000084"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASUSIPHONE2"
    .\debug.cpp(400) : Destination "\Device\ASUSIPHONE2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000056"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000056"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel(R)_Core(TM)_i5_CPU_________750__@_2.67GHz#_3#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\0000005d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1106&DEV_4441&SUBSYS_104383D0&REV_1001#4&9662f7f&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
    .\debug.cpp(400) : Destination "\Device\00000084"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1106&DEV_4441&SUBSYS_104383D0&REV_1001#4&9662f7f&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
    .\debug.cpp(400) : Destination "\Device\00000084"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&2d54ac1e&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASUSIPHONE3"
    .\debug.cpp(400) : Destination "\Device\ASUSIPHONE3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1106&DEV_4441&SUBSYS_104383D0&REV_1001#4&9662f7f&0&0001#{a17579f0-4fec-4936-9364-249460863be5}"
    .\debug.cpp(400) : Destination "\Device\00000084"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi5:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
    .\debug.cpp(400) : Destination "\Device\Secdrv"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8AF5CF51-3CFB-446B-8B82-B6ADD39FE291}"
    .\debug.cpp(400) : Destination "\Device\NDMP14"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\00000057"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C71C&Col05#9&1452f3a0&0&0004#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000009a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\snapman"
    .\debug.cpp(400) : Destination "\Device\snapman546"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASUSIPHONE4"
    .\debug.cpp(400) : Destination "\Device\ASUSIPHONE4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUSB3#ROOT_HUB30#7&32e51b9d&3#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
    .\debug.cpp(400) : Destination "\Device\0000007c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#5&345abc8e&0&0001#{a17579f0-4fec-4936-9364-249460863be5}"
    .\debug.cpp(400) : Destination "\Device\00000081"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY8"
    .\debug.cpp(400) : Destination "\Device\Video7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
    .\debug.cpp(400) : Destination "\Device\NXTIPSEC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&ActiveSyncWPDEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\000000a3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomASUS_DRW-24B1ST_________________________1.04____#8&2374c1fa&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{183ceaee-5f94-11df-879b-e0cb4e8fde3b}#0000000000007E00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
    .\debug.cpp(400) : Destination "\Device\TeredoTun"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASUSIPHONE5"
    .\debug.cpp(400) : Destination "\Device\ASUSIPHONE5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
    .\debug.cpp(400) : Destination "\Device\Video3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000055"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
    .\debug.cpp(400) : Destination "\Device\SstpDrv"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DF4A9D2C-8742-4EB1-8703-D395C4183F33}"
    .\debug.cpp(400) : Destination "\Device\NDMP11"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1c3c106c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASUSIPHONE6"
    .\debug.cpp(400) : Destination "\Device\ASUSIPHONE6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
    .\debug.cpp(400) : Destination "\Device\WFP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi6:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270}"
    .\debug.cpp(400) : Destination "\Device\NDMP12"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E86F1DF1-06AF-4848-9CC6-50B8A5A532F2}"
    .\debug.cpp(400) : Destination "\Device\NDMP5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{63078508-FE1B-4343-A7C0-28CC34102B22}"
    .\debug.cpp(400) : Destination "\Device\NDMP15"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000052"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMIRfsDevice"
    .\debug.cpp(400) : Destination "\Device\LMIRFS\Control"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel(R)_Core(TM)_i5_CPU_________750__@_2.67GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\0000005c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel(R)_Core(TM)_i5_CPU_________750__@_2.67GHz#_4#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\0000005e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASUSIPHONE7"
    .\debug.cpp(400) : Destination "\Device\ASUSIPHONE7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
    .\debug.cpp(400) : Destination "\Device\ProcessManagement"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
    .\debug.cpp(400) : Destination "\Device\Ndis"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
    .\debug.cpp(400) : Destination "\Device\WfpAle"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
    .\debug.cpp(400) : Destination "\Device\MPS"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C71B#001F202DE9ED#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_047F&PID_4254&MI_00#8&27f93b67&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\000000a7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000004d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrvI13"
    .\debug.cpp(400) : Destination "\Device\EraserUtilDrv11120"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
    .\debug.cpp(400) : Destination "\Device\PartmgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1717502&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
    .\debug.cpp(400) : Destination "\Device\1394BUS0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASUSIPHONE8"
    .\debug.cpp(400) : Destination "\Device\ASUSIPHONE8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_1532&PID_0016#8&3525442f&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-11"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMIRfsCommunicationDevice"
    .\debug.cpp(400) : Destination "\Device\LMIRFS\Communication"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7529E5DA-0E5C-4B75-8619-A7EB454F6209}"
    .\debug.cpp(400) : Destination "\Device\NDMP1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_047F&PID_4254&MI_00#8&27f93b67&0&0000#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\000000a7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000049"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
    .\debug.cpp(400) : Destination "\Device\NamedPipe"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymEvent"
    .\debug.cpp(400) : Destination "\Device\SymEvent"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000047"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASUSIPHONE9"
    .\debug.cpp(400) : Destination "\Device\ASUSIPHONE9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASUSIPHONE10"
    .\debug.cpp(400) : Destination "\Device\ASUSIPHONE10"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_047F&PID_0008#8&313aeacb&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\000000ac"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination ""
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{c8d23579-7d03-11e0-8ea6-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000062"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
    .\debug.cpp(400) : Destination "\DosDevices\COM1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_83A31043&REV_03#4&100198e&0&00E4#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
    .\debug.cpp(400) : Destination "\Device\NDMP9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#WDE169E#5&3ad91382&0&UID257#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
    .\debug.cpp(400) : Destination "\Device\0000008c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi7:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C71C&Col01#9&1452f3a0&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000096"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_8087&PID_0020#5&6c6ec2e&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C71C&Col06#9&1452f3a0&0&0005#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000009b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000056"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskKINGSTON_SV100S2128G____________________D110225a#5&2d5a9710&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP4T0L0-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev0"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C71C#001F202DE9ED#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-10"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSP"
    .\debug.cpp(400) : Destination "\Device\SRTSP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
    .\debug.cpp(400) : Destination "\Device\Null"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev1"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATKACPI"
    .\debug.cpp(400) : Destination "\Device\ATKACPI"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_047F&PID_4254#7&1c034b5f&1&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-13"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_0B06#7&1c034b5f&1&3#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000053"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{c8d23579-7d03-11e0-8ea6-806e6f6e6963}#000000000C600000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev2"
    .\debug.cpp(400) : Destination "\Device\SCDEmu\SCDEmuCd2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3044&SUBSYS_81FE1043&REV_C0#4&3a440333&0&18F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0026"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
    .\debug.cpp(400) : Destination "\Device\NdisWan"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
    .\debug.cpp(400) : Destination "\Device\USBFDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000004e"
    .\debug.cpp(409) : --
    .\debug.cpp(453) :
    **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c600000
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 119 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1152) : Done;

  8. #23
    Join Date
    Dec 2011
    Posts
    22
    This just popped up

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,481
    Please post fresh Combofix log.

  10. #25
    Join Date
    Dec 2011
    Posts
    22
    Here is the new combofix log:


    ComboFix 12-01-03.04 - JasonB 01/03/2012 13:50:30.6.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8183.5494 [GMT -6:00]
    Running from: c:\users\JasonB\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\JasonB\AppData\Local\assembly\tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-03 19:55 . 2012-01-03 19:55 -------- d-----w- c:\users\Mcx1-Jason-WINDOWS7\AppData\Local\temp
    2012-01-03 19:55 . 2012-01-03 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-03 19:55 . 2012-01-03 19:55 -------- d-----w- c:\users\Jason\AppData\Local\temp
    2011-12-29 23:57 . 2011-12-29 23:57 -------- d-----w- c:\program files (x86)\Traffic Travis v4
    2011-12-26 21:17 . 2011-12-26 21:17 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-12-26 21:17 . 2011-12-26 21:17 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2011-12-26 17:05 . 2012-01-03 17:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2132DABD-86BA-425B-822B-5B7242692F90}\offreg.dll
    2011-12-22 04:37 . 2011-11-30 08:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2132DABD-86BA-425B-822B-5B7242692F90}\mpengine.dll
    2011-12-21 20:07 . 2011-12-21 20:07 -------- d-----w- c:\program files (x86)\ESET
    2011-12-21 13:03 . 2011-12-21 13:03 -------- d-----w- c:\program files\Common Files\Plantronics
    2011-12-21 03:37 . 2011-12-21 03:37 -------- d-----w- c:\users\JasonB\AppData\Roaming\Malwarebytes
    2011-12-21 03:36 . 2011-12-21 03:36 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-21 03:36 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-21 03:31 . 2011-12-21 03:31 388096 ----a-r- c:\users\JasonB\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-12-21 02:13 . 2011-12-22 04:34 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
    2011-12-21 02:13 . 2011-12-21 02:13 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
    2011-12-21 02:13 . 2011-12-21 02:13 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
    2011-12-21 02:13 . 2011-12-21 02:13 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
    2011-12-21 02:06 . 2011-12-21 02:06 -------- d-----w- c:\users\JasonB\AppData\Roaming\QuickScan
    2011-12-20 22:16 . 2011-12-20 22:16 21520 ----a-w- c:\windows\DCEBoot64.exe
    2011-12-17 02:24 . 2011-12-08 00:22 59776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
    2011-12-17 02:24 . 2011-12-08 00:22 34688 ----a-w- c:\windows\system32\LMIport.dll
    2011-12-17 02:24 . 2011-12-08 00:22 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2011-12-17 02:24 . 2011-09-16 20:10 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2011-12-17 02:24 . 2011-12-08 00:22 80768 ----a-w- c:\windows\system32\LMIinit.dll
    2011-12-17 02:23 . 2011-12-17 02:24 -------- d-----w- c:\program files (x86)\LogMeIn
    2011-12-13 23:12 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-13 23:12 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-12-13 23:11 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-13 23:11 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-12-13 23:11 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-13 23:11 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-12-13 23:01 . 2011-12-13 23:01 -------- d-----w- c:\users\JasonB\AppData\Local\Palo_Alto_Software
    2011-12-13 23:01 . 2011-12-13 23:01 -------- d-----w- c:\users\JasonB\AppData\Roaming\bppenu11
    2011-12-08 19:37 . 2011-12-08 19:37 -------- d-----w- c:\users\JasonB\AppData\Roaming\ArticleSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    2011-12-08 19:37 . 2011-12-08 19:37 -------- d-----w- c:\program files (x86)\Article Samurai
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-01 02:36 . 2011-12-01 02:36 53248 ----a-r- c:\users\JasonB\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-12-01 02:35 . 2010-11-17 01:15 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-11-10 11:54 . 2010-06-14 14:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-10-25 01:14 . 2011-10-25 01:14 286720 ------w- c:\windows\Setup1.exe
    2011-10-25 01:14 . 2011-10-25 01:14 73216 ----a-w- c:\windows\ST6UNST.EXE
    2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2011-10-17 13:23 . 2011-10-17 13:25 349736 ----a-w- c:\windows\system32\drivers\btwampfl.sys
    2011-10-17 13:23 . 2011-10-17 13:25 138280 ----a-w- c:\windows\system32\drivers\btwavdt.sys
    2011-10-17 13:23 . 2011-10-17 13:25 107560 ----a-w- c:\windows\system32\drivers\btwaudio.sys
    2011-10-17 13:23 . 2011-10-17 13:25 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
    2011-10-17 13:23 . 2011-10-17 13:25 21416 ----a-w- c:\windows\system32\drivers\btwrchid.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-12-26_16.16.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:54 . 2012-01-03 03:13 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-12-26 01:14 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-12-26 01:14 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-01-03 03:13 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-01-03 03:13 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-12-26 01:14 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-05-14 21:26 . 2011-12-28 13:49 55386 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-01-03 17:37 35570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-05-14 23:33 . 2012-01-03 17:37 11544 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2761845265-332174530-1650960061-1132_UserData.bin
    + 2010-05-12 07:34 . 2012-01-03 17:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-05-12 07:34 . 2011-12-26 15:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-12-26 17:03 . 2012-01-03 17:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-01-03 17:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-12-26 15:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-05-12 05:36 . 2011-12-26 15:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-05-12 05:36 . 2012-01-03 17:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-05-12 05:40 . 2012-01-03 17:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-05-12 05:40 . 2011-12-26 15:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-11-18 19:04 . 2011-11-18 19:04 39936 c:\windows\Installer\1a9a7c.msi
    - 2011-12-26 15:54 . 2011-12-26 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-12-29 03:29 . 2012-01-03 17:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-12-29 03:29 . 2012-01-03 17:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-12-26 15:54 . 2011-12-26 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:36 . 2012-01-03 17:45 663184 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-12-26 15:58 663184 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-01-03 17:45 122052 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-12-26 15:58 122052 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2011-12-26 15:46 581016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-12-29 03:28 581016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2010-10-23 15:15 . 2011-12-26 15:46 17138840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2761845265-332174530-1650960061-1132-8192.dat
    + 2010-10-23 15:15 . 2011-12-29 03:28 17138840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2761845265-332174530-1650960061-1132-8192.dat
    + 2011-12-26 21:17 . 2011-12-26 21:17 52920320 c:\windows\Installer\1a9a84.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\JasonB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\JasonB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\JasonB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
    @="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
    [HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
    2011-08-19 19:55 194416 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon32.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
    @="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
    [HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
    2011-08-19 19:58 194416 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "RocketDock"="d:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "SandboxieControl"="d:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 604432]
    "G6FTP Server Tray Monitor"="d:\program files (x86)\Gene6 FTP Server\G6FTPTray.exe" [2007-02-05 78336]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19550344]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-12-23 107000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-02-12 115560]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-11-26 1087752]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Adobe Acrobat Speed Launcher"="d:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-04 38840]
    "Acrobat Assistant 8.0"="d:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-07 9936000]
    "ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
    "QFan Help"="d:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968]
    "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
    "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    c:\users\JasonB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\JasonB\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
    DropboxPortableAHK - Shortcut.lnk - d:\dropbox\DropboxPortableAHK.exe [2011-6-7 1021952]
    Pidgin.lnk - d:\program files (x86)\Pidgin\pidgin.exe [2010-12-26 48618]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Gladinet Cloud Desktop.lnk - c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GladLauncher.exe [2011-8-19 87920]
    Snagit 10.lnk - d:\program files (x86)\TechSmith\Snagit 10\Snagit32.exe [2011-3-21 7067464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
    R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
    R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]
    R3 bthav;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [x]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
    R3 CrossLoopService;CrossLoop Service;c:\users\JasonB\AppData\Local\CrossLoop\CrossLoopService.exe [2011-07-08 563216]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tvnserver;TightVNC Server;c:\users\JasonB\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R4 AWRScheduler;Advanced Web Ranking Scheduler;c:\program files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe [2011-06-14 116672]
    R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
    R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
    R4 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-05-12 3975088]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 G6FTPServer;Gene6 FTP Server;d:\program files (x86)\Gene6 FTP Server\G6FTPSERVER.EXE [2007-10-22 470016]
    S2 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe [2011-08-19 29552]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-08 375176]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
    S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-10-03 2358656]
    S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2010-08-11 56040]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 138360]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-28 02:46]
    .
    2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-28 02:46]
    .
    2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2761845265-332174530-1650960061-1132Core.job
    - c:\users\JasonB\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-14 02:46]
    .
    2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2761845265-332174530-1650960061-1132UA.job
    - c:\users\JasonB\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-14 02:46]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\JasonB\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\JasonB\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\JasonB\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\JasonB\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
    @="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
    [HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
    2011-08-19 19:56 192368 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
    @="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
    [HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
    2011-08-19 19:58 195440 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-08-21 390712]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.digg.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - d:\progra~3\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Subscribe in RSS Bandit - c:\users\JasonB\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm
    Trusted Zone: intuit.com\ttlc
    TCP: Interfaces\{C4C56974-F87A-47AE-80DC-491A10ED5F36}: NameServer = 192.168.0.150,208.67.220.220,4.2.2.2,208.67.222.222,4.2.2.3
    DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
    FF - ProfilePath - c:\users\JasonB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.JasonB\
    FF - prefs.js: browser.startup.homepage - hxxp://www.digg.com
    FF - prefs.js: network.proxy.ftp - 23.19.152.144
    FF - prefs.js: network.proxy.ftp_port - 62912
    FF - prefs.js: network.proxy.gopher - 23.19.152.144
    FF - prefs.js: network.proxy.gopher_port - 62912
    FF - prefs.js: network.proxy.http - 23.19.152.144
    FF - prefs.js: network.proxy.http_port - 62912
    FF - prefs.js: network.proxy.socks - 23.19.152.144
    FF - prefs.js: network.proxy.socks_port - 62912
    FF - prefs.js: network.proxy.ssl - 23.19.152.144
    FF - prefs.js: network.proxy.ssl_port - 62912
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-01-03 15:17:12
    ComboFix-quarantined-files.txt 2012-01-03 21:17
    ComboFix2.txt 2011-12-28 07:38
    ComboFix3.txt 2011-12-26 23:54
    ComboFix4.txt 2011-12-26 19:08
    ComboFix5.txt 2012-01-03 19:48
    .
    Pre-Run: 33,391,927,296 bytes free
    Post-Run: 33,291,026,432 bytes free
    .
    - - End Of File - - E1152D9AFF09D0551EA536A33D80825A

  11. #26
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,481
    Looks clean.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-2761845265-332174530-1650960061-1132\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
      O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
      O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
      O15 - HKU\S-1-5-21-2761845265-332174530-1650960061-1132\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      @Alternate Data Stream - 1207 bytes -> C:\Users\JasonB\AppData\Local\Temp:6sdrDDNFp9xANHqS2LFYAOdkcFQEu
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    ===========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.



    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.

  12. #27
    Join Date
    Dec 2011
    Posts
    22
    OTL Log

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-2761845265-332174530-1650960061-1132\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
    Registry key HKEY_USERS\S-1-5-21-2761845265-332174530-1650960061-1132\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    ADS C:\Users\JasonB\AppData\Local\Temp:6sdrDDNFp9xANHqS2LFYAOdkcFQEu deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Jason
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: JasonB
    ->Temp folder emptied: 30987 bytes
    ->Temporary Internet Files folder emptied: 10496209 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 28343767 bytes
    ->Flash cache emptied: 2137 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mcx1-Jason-WINDOWS7
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 37.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Jason

    User: JasonB
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mcx1-Jason-WINDOWS7
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01032012_183639

    Files\Folders moved on Reboot...
    C:\Users\JasonB\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...


    Security Check Log

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    MVPS Hosts File
    Tube Spy
    Duplicate Cleaner 2.1b
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````

  13. #28
    Join Date
    Dec 2011
    Posts
    22
    This just popped up when i started firefox



    Here is the log from MBAM

    2012/01/03 11:38:14 -0600 JASON-WINDOWS7 JasonB MESSAGE Starting protection
    2012/01/03 11:38:16 -0600 JASON-WINDOWS7 JasonB MESSAGE Protection started successfully
    2012/01/03 11:38:19 -0600 JASON-WINDOWS7 JasonB MESSAGE Starting IP protection
    2012/01/03 11:38:19 -0600 JASON-WINDOWS7 JasonB MESSAGE IP Protection started successfully
    2012/01/03 11:49:06 -0600 JASON-WINDOWS7 JasonB IP-BLOCK 213.155.21.224 (Type: outgoing, Port: 52211, Process: skype.exe)
    2012/01/03 11:49:14 -0600 JASON-WINDOWS7 JasonB IP-BLOCK 213.155.21.224 (Type: outgoing, Port: 52211, Process: skype.exe)
    2012/01/03 11:49:14 -0600 JASON-WINDOWS7 JasonB IP-BLOCK 213.155.21.224 (Type: outgoing, Port: 52211, Process: skype.exe)
    2012/01/03 11:49:54 -0600 JASON-WINDOWS7 JasonB IP-BLOCK 213.155.21.224 (Type: outgoing, Port: 52211, Process: skype.exe)
    2012/01/03 11:49:54 -0600 JASON-WINDOWS7 JasonB IP-BLOCK 213.155.21.224 (Type: outgoing, Port: 52211, Process: skype.exe)
    2012/01/03 11:49:54 -0600 JASON-WINDOWS7 JasonB IP-BLOCK 213.155.21.224 (Type: outgoing, Port: 52211, Process: skype.exe)
    2012/01/03 12:00:24 -0600 JASON-WINDOWS7 JasonB IP-BLOCK 213.155.21.224 (Type: outgoing, Port: 52211, Process: skype.exe)
    2012/01/03 12:00:32 -0600 JASON-WINDOWS7 JasonB IP-BLOCK 213.155.21.224 (Type: outgoing, Port: 52211, Process: skype.exe)
    2012/01/03 12:00:32 -0600 JASON-WINDOWS7 JasonB IP-BLOCK 213.155.21.224 (Type: outgoing, Port: 52211, Process: skype.exe)
    2012/01/03 16:17:29 -0600 JASON-WINDOWS7 JasonB MESSAGE Executing scheduled update: Daily
    2012/01/03 16:17:36 -0600 JASON-WINDOWS7 JasonB MESSAGE Scheduled update executed successfully: database updated from version v2012.01.02.05 to version v2012.01.03.04
    2012/01/03 16:17:36 -0600 JASON-WINDOWS7 JasonB MESSAGE Starting database refresh
    2012/01/03 16:17:36 -0600 JASON-WINDOWS7 JasonB MESSAGE Stopping IP protection
    2012/01/03 16:18:06 -0600 JASON-WINDOWS7 JasonB MESSAGE IP Protection stopped
    2012/01/03 16:18:08 -0600 JASON-WINDOWS7 JasonB MESSAGE Database refreshed successfully
    2012/01/03 16:18:08 -0600 JASON-WINDOWS7 JasonB MESSAGE Starting IP protection
    2012/01/03 16:18:08 -0600 JASON-WINDOWS7 JasonB MESSAGE IP Protection started successfully
    2012/01/03 18:42:03 -0600 JASON-WINDOWS7 JasonB MESSAGE Starting protection
    2012/01/03 18:42:05 -0600 JASON-WINDOWS7 JasonB MESSAGE Protection started successfully
    2012/01/03 18:42:08 -0600 JASON-WINDOWS7 JasonB MESSAGE Starting IP protection
    2012/01/03 18:42:08 -0600 JASON-WINDOWS7 JasonB MESSAGE IP Protection started successfully
    2012/01/03 19:01:44 -0600 JASON-WINDOWS7 JasonB IP-BLOCK 213.155.21.224 (Type: outgoing, Port: 52211, Process: skype.exe)
    2012/01/03 19:01:52 -0600 JASON-WINDOWS7 JasonB IP-BLOCK 213.155.21.224 (Type: outgoing, Port: 52211, Process: skype.exe)
    2012/01/03 19:02:24 -0600 JASON-WINDOWS7 JasonB IP-BLOCK 213.155.21.224 (Type: outgoing, Port: 52211, Process: skype.exe)
    2012/01/03 19:02:24 -0600 JASON-WINDOWS7 JasonB IP-BLOCK 213.155.21.224 (Type: outgoing, Port: 52211, Process: skype.exe)
    2012/01/03 19:02:24 -0600 JASON-WINDOWS7 JasonB IP-BLOCK 213.155.21.224 (Type: outgoing, Port: 52211, Process: skype.exe)
    Last edited by SEMAlchemy; January 3rd, 2012 at 09:06 PM. Reason: added log

  14. #29
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,481
    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


    Are you familiar with AtomicSystems.local?

  15. #30
    Join Date
    Dec 2011
    Posts
    22
    Yes, AtomicSystems is the local domain I am on, Domain Server. I will download and run GooredFix. While running ESet scanner (still running) Malwarebytes blocked firefox.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •