Jump to content

delayed starup and whistler bootkit


Recommended Posts

for a while couldn't do anything on startup so ran combofix and saw whistler bootkit not sure what it is, but after that it became a delayed start can't run programs from 5-10 mintues after it sits there. Here's the combofix log

ComboFix 10-07-26.04 - Ziehos 07/27/2010 10:44:50.16.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.194 [GMT -5:00]

Running from: c:\documents and settings\Ziehos\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

MBR is infected with the Whistler Bootkit !!

((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 )))))))))))))))))))))))))))))))

.

2010-07-26 08:02 . 2008-04-13 17:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-07-26 08:02 . 2008-04-13 17:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-07-26 08:02 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys

2010-07-26 08:02 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2010-07-23 07:15 . 2010-07-23 07:15 0 ----a-w- c:\windows\Ngeje.bin

2010-07-23 07:15 . 2010-07-23 07:15 120 ----a-w- c:\windows\Agusakokupu.dat

2010-07-23 07:14 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys

2010-07-23 07:14 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\Changer.sys

2010-07-23 07:13 . 2010-07-23 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

2010-07-13 22:23 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-11 23:05 . 2010-07-11 23:05 -------- d-----w- c:\program files\Common Files\Apple

2010-07-10 22:10 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-06-29 05:10 . 2010-07-18 09:12 -------- d-----w- c:\documents and settings\Ziehos\Application Data\vlc

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-27 15:41 . 2009-01-20 22:38 -------- d-----w- c:\documents and settings\Ziehos\Application Data\mjusbsp

2010-07-27 00:10 . 2006-06-24 01:40 -------- d-----w- c:\program files\Morpheus

2010-07-26 08:02 . 2008-09-15 02:33 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-07-26 07:49 . 2008-04-18 21:28 -------- d-----w- c:\documents and settings\Ziehos\Application Data\uTorrent

2010-07-24 22:36 . 2009-10-25 10:52 32 ----a-w- c:\windows\msocreg32.dat

2010-07-23 23:22 . 2009-10-25 10:44 -------- d-----w- c:\program files\IK Multimedia

2010-07-23 23:19 . 2005-08-10 05:32 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-22 21:33 . 2010-01-16 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-11 23:10 . 2009-06-16 13:36 -------- d-----w- c:\program files\QuickTime

2010-07-10 12:58 . 2009-05-01 00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-01 04:25 . 2007-02-21 23:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-28 20:57 . 2010-02-13 02:50 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-06-28 20:37 . 2010-02-13 02:50 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-06-28 20:37 . 2010-02-13 02:50 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-06-28 20:33 . 2010-02-13 02:50 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-06-28 20:32 . 2010-02-13 02:50 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-06-28 20:32 . 2010-02-13 02:50 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-06-28 20:32 . 2010-02-13 02:50 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-06-28 20:32 . 2010-02-13 02:50 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-06-04 20:12 . 2009-07-09 22:45 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-31 06:03 . 2009-10-24 07:25 -------- d-----w- c:\documents and settings\Ziehos\Application Data\dvdcss

2010-05-06 10:41 . 2006-02-24 19:26 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 01:51 . 2006-06-24 23:52 20064 ----a-w- c:\documents and settings\Ziehos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-02 07:58 . 2009-09-19 08:32 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-05-02 05:22 . 2003-03-31 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 20:39 . 2010-06-09 08:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39 . 2010-06-09 08:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\Ziehos\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-12 200704]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi3"=vmcmidiport.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hawking Wireless Utility.lnk

backup=c:\windows\pss\Hawking Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk

backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]

1998-12-01 00:04 497376 ----a-w- c:\windows\p_981116.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2006-10-30 15:36 256576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2003-07-13 08:49 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2008-03-14 23:50 233472 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2008-08-12 23:19 21741864 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2004-11-15 10:20 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-01-26 21:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2007-01-27 21:42 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2007-08-30 22:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Neuro-Programmer 2 Professional\\Neuro-Programmer 2.exe"=

"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=

"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\nestc042\\NESTCL95.EXE"=

"c:\\Documents and Settings\\Ziehos\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5060:UDP"= 5060:UDP:magicjack

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [8/9/2005 6:52 PM 75904]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/12/2010 9:50 PM 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/12/2010 9:50 PM 17744]

R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [7/17/2009 8:32 AM 3576320]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/7/2007 7:16 PM 691696]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Ahyegpry

EsauZxyanod

.

Contents of the 'Scheduled Tasks' folder

2010-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-27 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 03:18]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm

IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML

IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download web site with Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm

IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - hxxp://www.riffinteractive.com/setup/RiffLick.cab

FF - ProfilePath - c:\documents and settings\Ziehos\Application Data\Mozilla\Firefox\Profiles\z1c93oeu.default\

FF - prefs.js: browser.search.selectedEngine - Google Real-Time

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\documents and settings\Ziehos\Application Data\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\Ziehos\Application Data\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.order.1 - Google

FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

------- File Associations -------

.

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-27 10:56

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)

c:\windows\system32\vmcmidiport.dll

c:\windows\System32\NavLogon.dll

- - - - - - - > 'lsass.exe'(696)

c:\windows\system32\vmcmidiport.dll

- - - - - - - > 'explorer.exe'(5256)

c:\windows\system32\WININET.dll

c:\windows\system32\vmcmidiport.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\ewido anti-spyware 4.0\guard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\taskmgr.exe

.

**************************************************************************

.

Completion time: 2010-07-27 11:11:07 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-27 16:11

ComboFix2.txt 2010-07-26 23:33

ComboFix3.txt 2010-07-26 08:43

ComboFix4.txt 2010-07-23 15:32

ComboFix5.txt 2010-07-27 15:41

Pre-Run: 1,723,330,560 bytes free

Post-Run: 1,711,661,056 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4

- - End Of File - - 444801585C3C4C5F19DC577080F175EF

and here's the hijack this log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:41:48, on 7/27/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643

R3 - URLSearchHook: Yahoo!

Link to post
Share on other sites

  • Replies 83
  • Created
  • Last Reply

Top Posters In This Topic

No there no restore points before that. I wouldn't have been able to make this post without it I know it was bad, but nothing would be working without it if I knew of a different program so I could get out of the frozen state on startup I would use that is there a program like that?

Link to post
Share on other sites

yes there 3 some was when I ran combo fix and one regular restore point I tried that and it didn't work so I might as well have no restore points because none of them work.I found the first of those you listed not the 2nd.C:\Windows\ERDNT\hiv-backup\erdnt.exe

When I say they don't work I mean the computer rebooted and it told me nothing was restored if you need clarification and said to try a different restore point.

Link to post
Share on other sites

That's the registry backup taken before you ran ComboFix.

You're Doing This At Your Own Risk!

Windows\ERDNT\hiv-backup\erdnt.exe <-----

If you double click on erdnt.exe, it will restore the registry to before you ran ComboFix.

Reboot and see if there's any change.

MrC

Link to post
Share on other sites

Download MBRCheck.exe to your desktop

XP users > double click on MBRCheck.exe to run it

Vista and Windows 7 users > right click on MBRCheck.exe and select Run as Administrator

It will show a black screen with some data on it

Please do not run any of the options

When it's done > Press Enter to close the program

A file will called MBRCheck_ will appear on your desktop

Please copy into to your next reply

MrC

Link to post
Share on other sites

MBRCheck, version 1.1.1

© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

93 GB \\.\PhysicalDrive0 Unknown MBR code

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done! Press ENTER to exit...

Link to post
Share on other sites

Iexited anyway for now I'll post the log and run again if I need to

MBRCheck, version 1.1.1

© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

93 GB \\.\PhysicalDrive0 Unknown MBR code

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): Dumping \\.\PhysicalDisk0...

Enter filename to dump to: Dumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit):

Done! Press ENTER to exit...

Link to post
Share on other sites

well I'm doing a search for bothdump.dat came up with nothing *.dat came up with tons of files probably none related to what your specifically looking for a lot of them are in C:\Documents and Settings\Ziehos\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active

still searching for dump.dat might take a little bit.

Link to post
Share on other sites

If you're having no luck getting that dump file, try this:

Create a folder on your desktop and put MBRCheck.exe in there.

Now run MBRCheck.exe

Enter 'Y' and hit ENTER for more options

Choose:

[1] Dump the MBR of a physical disk to file.

Your drive is 0 if it ask

the log should be in that folder

Link to post
Share on other sites

ok got it the dat file is not a log though here's the log though and what do I do with the dat file?

MBRCheck, version 1.1.1

© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

93 GB \\.\PhysicalDrive0 Unknown MBR code

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): Dumping \\.\PhysicalDisk0...

Enter filename to dump to: Dumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit):

Done! Press ENTER to exit...

Link to post
Share on other sites

or maybe I should say the dat file is not a log I open with notepad originally displayed as a windows media player file and there no words. the log that I got when I did it was the one I already posted,but I'll post again.

MBRCheck, version 1.1.1

© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

93 GB \\.\PhysicalDrive0 Unknown MBR code

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): Dumping \\.\PhysicalDisk0...

Enter filename to dump to: Dumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit):

Done! Press ENTER to exit...

Link to post
Share on other sites

Do it this way:

Download Bootkit remover to your desktop

This is a rar file if you do not have a programme to open it then download and install Peazip

Extract Remover.exe to your desktop

Go to Start > Run > copy and paste this in:

"%userprofile%\Desktop\remover.exe" dump \\.\PhysicalDrive0

Click OK

A txt log will appear on your desktop > copy and paste or (attach it) it back here.

MrC

Link to post
Share on other sites

.\debug.cpp(238) : Debug log started at 31.07.2010 - 12:48:02

.\boot_cleaner.cpp(675) : Bootkit Remover

.\boot_cleaner.cpp(676) : © 2009 eSage Lab

.\boot_cleaner.cpp(677) : www.esagelab.com

.\boot_cleaner.cpp(681) : Program version: 1.1.0.0

.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

.\debug.cpp(248) : **********************************************

.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********

.\debug.cpp(250) : **********************************************

.\debug.cpp(256) : 0x804d7000 0x001f8980 "\WINDOWS\system32\ntkrnlpa.exe"

.\debug.cpp(256) : 0x806d0000 0x00020300 "\WINDOWS\system32\hal.dll"

.\debug.cpp(256) : 0xf8ae3000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"

.\debug.cpp(256) : 0xf89f3000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"

.\debug.cpp(256) : 0xf84b4000 0x0002e000 "ACPI.sys"

.\debug.cpp(256) : 0xf8ae5000 0x00002000 "\WINDOWS\System32\DRIVERS\WMILIB.SYS"

.\debug.cpp(256) : 0xf84a3000 0x00011000 "pci.sys"

.\debug.cpp(256) : 0xf85e3000 0x0000a000 "isapnp.sys"

.\debug.cpp(256) : 0xf8ae7000 0x00002000 "viaide.sys"

.\debug.cpp(256) : 0xf8863000 0x00007000 "\WINDOWS\System32\DRIVERS\PCIIDEX.SYS"

.\debug.cpp(256) : 0xf85f3000 0x0000b000 "MountMgr.sys"

.\debug.cpp(256) : 0xf8484000 0x0001f000 "ftdisk.sys"

.\debug.cpp(256) : 0xf8ae9000 0x00002000 "dmload.sys"

.\debug.cpp(256) : 0xf845e000 0x00026000 "dmio.sys"

.\debug.cpp(256) : 0xf886b000 0x00005000 "PartMgr.sys"

.\debug.cpp(256) : 0xf8603000 0x0000d000 "VolSnap.sys"

.\debug.cpp(256) : 0xf8448000 0x00016000 "imagedrv.sys"

.\debug.cpp(256) : 0xf8430000 0x00018000 "\WINDOWS\system32\DRIVERS\SCSIPORT.SYS"

.\debug.cpp(256) : 0xf8418000 0x00018000 "atapi.sys"

.\debug.cpp(256) : 0xf8405000 0x00013000 "viasraid.sys"

.\debug.cpp(256) : 0xf83f2000 0x00013000 "viamraid.sys"

.\debug.cpp(256) : 0xf8613000 0x00009000 "disk.sys"

.\debug.cpp(256) : 0xf8623000 0x0000d000 "\WINDOWS\System32\DRIVERS\CLASSPNP.SYS"

.\debug.cpp(256) : 0xf83d2000 0x00020000 "fltmgr.sys"

.\debug.cpp(256) : 0xf83c0000 0x00012000 "sr.sys"

.\debug.cpp(256) : 0xf8633000 0x00009000 "PxHelp20.sys"

.\debug.cpp(256) : 0xf83a9000 0x00017000 "KSecDD.sys"

.\debug.cpp(256) : 0xf831c000 0x0008d000 "Ntfs.sys"

.\debug.cpp(256) : 0xf82ef000 0x0002d000 "NDIS.sys"

.\debug.cpp(256) : 0xf89f7000 0x00004000 "RecAgent.sys"

.\debug.cpp(256) : 0xf82d5000 0x0001a000 "Mup.sys"

.\debug.cpp(256) : 0xf8643000 0x0000c000 "gagp30kx.sys"

.\debug.cpp(256) : 0xf7f6e000 0x00003000 "\SystemRoot\system32\DRIVERS\tunmp.sys"

.\debug.cpp(256) : 0xf79a2000 0x00009000 "\SystemRoot\System32\DRIVERS\processr.sys"

.\debug.cpp(256) : 0xf7562000 0x003d0000 "\SystemRoot\System32\DRIVERS\nv4_mini.sys"

.\debug.cpp(256) : 0xf754e000 0x00014000 "\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS"

.\debug.cpp(256) : 0xf7992000 0x0000b000 "\SystemRoot\System32\DRIVERS\imapi.sys"

.\debug.cpp(256) : 0xf7982000 0x00010000 "\SystemRoot\System32\DRIVERS\cdrom.sys"

.\debug.cpp(256) : 0xf7972000 0x0000f000 "\SystemRoot\System32\DRIVERS\redbook.sys"

.\debug.cpp(256) : 0xf752b000 0x00023000 "\SystemRoot\System32\DRIVERS\ks.sys"

.\debug.cpp(256) : 0xf89b3000 0x00006000 "\SystemRoot\System32\DRIVERS\usbuhci.sys"

.\debug.cpp(256) : 0xf7507000 0x00024000 "\SystemRoot\System32\DRIVERS\USBPORT.SYS"

.\debug.cpp(256) : 0xf89bb000 0x00008000 "\SystemRoot\System32\DRIVERS\usbehci.sys"

.\debug.cpp(256) : 0xf72d6000 0x00231000 "\SystemRoot\system32\drivers\ALCXWDM.SYS"

.\debug.cpp(256) : 0xf72b2000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"

.\debug.cpp(256) : 0xf7952000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"

.\debug.cpp(256) : 0xf72a0000 0x00012000 "\SystemRoot\System32\DRIVERS\Rtlnicxp.sys"

.\debug.cpp(256) : 0xf89c3000 0x00007000 "\SystemRoot\System32\DRIVERS\fdc.sys"

.\debug.cpp(256) : 0xf8703000 0x00010000 "\SystemRoot\System32\DRIVERS\serial.sys"

.\debug.cpp(256) : 0xf7f66000 0x00004000 "\SystemRoot\System32\DRIVERS\serenum.sys"

.\debug.cpp(256) : 0xf728c000 0x00014000 "\SystemRoot\System32\DRIVERS\parport.sys"

.\debug.cpp(256) : 0xf7f62000 0x00003000 "\SystemRoot\System32\DRIVERS\gameenum.sys"

.\debug.cpp(256) : 0xf8c0d000 0x00001000 "\SystemRoot\System32\DRIVERS\audstub.sys"

.\debug.cpp(256) : 0xf8853000 0x0000d000 "\SystemRoot\System32\DRIVERS\rasl2tp.sys"

.\debug.cpp(256) : 0xf8aaf000 0x00003000 "\SystemRoot\System32\DRIVERS\ndistapi.sys"

.\debug.cpp(256) : 0xf664e000 0x00017000 "\SystemRoot\System32\DRIVERS\ndiswan.sys"

.\debug.cpp(256) : 0xf8673000 0x0000b000 "\SystemRoot\System32\DRIVERS\raspppoe.sys"

.\debug.cpp(256) : 0xf86a3000 0x0000c000 "\SystemRoot\System32\DRIVERS\raspptp.sys"

.\debug.cpp(256) : 0xf891b000 0x00005000 "\SystemRoot\System32\DRIVERS\TDI.SYS"

.\debug.cpp(256) : 0xf6626000 0x00011000 "\SystemRoot\System32\DRIVERS\psched.sys"

.\debug.cpp(256) : 0xf86c3000 0x00009000 "\SystemRoot\System32\DRIVERS\msgpc.sys"

.\debug.cpp(256) : 0xf8963000 0x00005000 "\SystemRoot\System32\DRIVERS\ptilink.sys"

.\debug.cpp(256) : 0xf8993000 0x00005000 "\SystemRoot\System32\DRIVERS\raspti.sys"

.\debug.cpp(256) : 0xf61f6000 0x00030000 "\SystemRoot\System32\DRIVERS\rdpdr.sys"

.\debug.cpp(256) : 0xf8803000 0x0000a000 "\SystemRoot\System32\DRIVERS\termdd.sys"

.\debug.cpp(256) : 0xf897b000 0x00006000 "\SystemRoot\System32\DRIVERS\kbdclass.sys"

.\debug.cpp(256) : 0xf893b000 0x00006000 "\SystemRoot\System32\DRIVERS\mouclass.sys"

.\debug.cpp(256) : 0xf8b89000 0x00002000 "\SystemRoot\System32\DRIVERS\swenum.sys"

.\debug.cpp(256) : 0xf6198000 0x0005e000 "\SystemRoot\System32\DRIVERS\update.sys"

.\debug.cpp(256) : 0xf8acf000 0x00004000 "\SystemRoot\System32\DRIVERS\mssmbios.sys"

.\debug.cpp(256) : 0xf7942000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"

.\debug.cpp(256) : 0xf69f4000 0x0000f000 "\SystemRoot\System32\DRIVERS\usbhub.sys"

.\debug.cpp(256) : 0xeff70000 0x00002000 "\SystemRoot\System32\DRIVERS\USBD.SYS"

.\debug.cpp(256) : 0xef04a000 0x00005000 "\SystemRoot\System32\DRIVERS\flpydisk.sys"

.\debug.cpp(256) : 0xeeef2000 0x00003000 "\SystemRoot\System32\Drivers\i2omgmt.SYS"

.\debug.cpp(256) : 0xeff24000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"

.\debug.cpp(256) : 0xefac6000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"

.\debug.cpp(256) : 0xeff22000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"

.\debug.cpp(256) : 0xef042000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"

.\debug.cpp(256) : 0xef03a000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"

.\debug.cpp(256) : 0xeff20000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"

.\debug.cpp(256) : 0xeff1e000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"

.\debug.cpp(256) : 0xef032000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"

.\debug.cpp(256) : 0xef02a000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"

.\debug.cpp(256) : 0xeeeea000 0x00003000 "\SystemRoot\System32\DRIVERS\rasacd.sys"

.\debug.cpp(256) : 0xee1bd000 0x00013000 "\SystemRoot\System32\DRIVERS\ipsec.sys"

.\debug.cpp(256) : 0xee164000 0x00059000 "\SystemRoot\System32\DRIVERS\tcpip.sys"

.\debug.cpp(256) : 0xef9ff000 0x0000a000 "\SystemRoot\System32\Drivers\aswTdi.SYS"

.\debug.cpp(256) : 0xee13c000 0x00028000 "\SystemRoot\System32\DRIVERS\netbt.sys"

.\debug.cpp(256) : 0xeeede000 0x00003000 "\SystemRoot\System32\drivers\ws2ifsl.sys"

.\debug.cpp(256) : 0xee11a000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"

.\debug.cpp(256) : 0xef9ef000 0x00009000 "\SystemRoot\System32\DRIVERS\netbios.sys"

.\debug.cpp(256) : 0xef9df000 0x0000b000 "\SystemRoot\System32\Drivers\SCDEmu.SYS"

.\debug.cpp(256) : 0xee0c7000 0x0002b000 "\SystemRoot\System32\DRIVERS\rdbss.sys"

.\debug.cpp(256) : 0xee02f000 0x00070000 "\SystemRoot\System32\DRIVERS\mrxsmb.sys"

.\debug.cpp(256) : 0xf08e8000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"

.\debug.cpp(256) : 0xee009000 0x00026000 "\SystemRoot\System32\DRIVERS\ipnat.sys"

.\debug.cpp(256) : 0xf08d8000 0x00009000 "\SystemRoot\System32\DRIVERS\wanarp.sys"

.\debug.cpp(256) : 0xef9d5000 0x00001000 "\??\C:\Program Files\ewido anti-spyware 4.0\guard.sys"

.\debug.cpp(256) : 0xedfe2000 0x00027000 "\SystemRoot\System32\Drivers\aswSP.SYS"

.\debug.cpp(256) : 0xef012000 0x00006000 "\SystemRoot\System32\Drivers\Aavmker4.SYS"

.\debug.cpp(256) : 0xee112000 0x00003000 "\SystemRoot\System32\DRIVERS\hidusb.sys"

.\debug.cpp(256) : 0xf08c8000 0x00009000 "\SystemRoot\System32\DRIVERS\HIDCLASS.SYS"

.\debug.cpp(256) : 0xee210000 0x00007000 "\SystemRoot\System32\DRIVERS\USBSTOR.SYS"

.\debug.cpp(256) : 0xee0b7000 0x00003000 "\SystemRoot\System32\DRIVERS\mouhid.sys"

.\debug.cpp(256) : 0xee218000 0x00008000 "\SystemRoot\System32\DRIVERS\usbccgp.sys"

.\debug.cpp(256) : 0xecf5f000 0x00007000 "\SystemRoot\system32\DRIVERS\usbprint.sys"

.\debug.cpp(256) : 0xf5072000 0x00009000 "\SystemRoot\system32\drivers\LVUSBSta.sys"

.\debug.cpp(256) : 0xf5042000 0x0000f000 "\SystemRoot\system32\drivers\usbaudio.sys"

.\debug.cpp(256) : 0xee440000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"

.\debug.cpp(256) : 0xec796000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"

.\debug.cpp(256) : 0xf05a7000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"

.\debug.cpp(256) : 0xef9d7000 0x00004000 "\SystemRoot\System32\Drivers\dump_diskdump.sys"

.\debug.cpp(256) : 0xec783000 0x00013000 "\SystemRoot\System32\Drivers\dump_viamraid.sys"

.\debug.cpp(256) : 0xbf800000 0x001c4000 "\SystemRoot\System32\win32k.sys"

.\debug.cpp(256) : 0xefdf4000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"

.\debug.cpp(256) : 0xf1fa0000 0x00005000 "\SystemRoot\System32\watchdog.sys"

.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"

.\debug.cpp(256) : 0xf8c21000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"

.\debug.cpp(256) : 0xbf012000 0x00452000 "\SystemRoot\System32\nv4_disp.dll"

.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"

.\debug.cpp(256) : 0xf6804000 0x00003000 "\SystemRoot\System32\Drivers\aswFsBlk.SYS"

.\debug.cpp(256) : 0xba5ea000 0x00016000 "\SystemRoot\System32\DRIVERS\nwlnkipx.sys"

.\debug.cpp(256) : 0xf1ff0000 0x00010000 "\SystemRoot\System32\DRIVERS\nwlnknb.sys"

.\debug.cpp(256) : 0xee430000 0x00004000 "\SystemRoot\System32\DRIVERS\ndisuio.sys"

.\debug.cpp(256) : 0xba5d3000 0x00017000 "\SystemRoot\System32\Drivers\aswMon2.SYS"

.\debug.cpp(256) : 0xee2d4000 0x0000e000 "\SystemRoot\System32\DRIVERS\nwlnkspx.sys"

.\debug.cpp(256) : 0xb9cce000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"

.\debug.cpp(256) : 0xef4c5000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"

.\debug.cpp(256) : 0xb9c79000 0x0002d000 "\SystemRoot\System32\DRIVERS\mrxdav.sys"

.\debug.cpp(256) : 0xf8af5000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"

.\debug.cpp(256) : 0xb9c0e000 0x00043000 "\SystemRoot\system32\DRIVERS\atksgt.sys"

.\debug.cpp(256) : 0xef1ae000 0x00005000 "\SystemRoot\system32\DRIVERS\lirsgt.sys"

.\debug.cpp(256) : 0xb9bc6000 0x00003000 "\SystemRoot\System32\DRIVERS\mdmxsdk.sys"

.\debug.cpp(256) : 0xf1f40000 0x0000a000 "\SystemRoot\System32\DRIVERS\secdrv.sys"

.\debug.cpp(256) : 0xef415000 0x00005000 "\SystemRoot\system32\Drivers\LVPr2Mon.sys"

.\debug.cpp(256) : 0xee220000 0x00008000 "\SystemRoot\System32\DRIVERS\nwlnkfwd.sys"

.\debug.cpp(256) : 0xb98de000 0x00004000 "\SystemRoot\System32\DRIVERS\nwlnkflt.sys"

.\debug.cpp(256) : 0xec7c2000 0x00005000 "\SystemRoot\System32\Drivers\aswRdr.SYS"

.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"

.\debug.cpp(263) : **********************************************

.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********

.\debug.cpp(308) : **********************************************

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"

.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"

.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"

.\debug.cpp(400) : Destination="\Device\Scsi\viamraid1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_1604#MX18A6D233BH#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination="\Device\USBPDO-11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04b4&Pid_0101#5&2ab15cf0&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination="\Device\USBPDO-9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"

.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\0000003b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10#3&13c0b0c5&0&98#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0016"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWSP"

.\debug.cpp(400) : Destination="\Device\aswSP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"

.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_50041458&REV_81#3&13c0b0c5&0&81#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"

.\debug.cpp(400) : Destination="\Device\DmControl\DmIoDaemon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"

.\debug.cpp(400) : Destination="\Device\00000053"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"

.\debug.cpp(400) : Destination="\Device\Ip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Pot2"

.\debug.cpp(400) : Destination="\Device\aswSP_Pot2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LogiProcMon2"

.\debug.cpp(400) : Destination="\Device\LogiProcMon2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"

.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"

.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\0000003c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"

.\debug.cpp(400) : Destination="\Device\IPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0bda&Pid_0158#20060413092100000#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"

.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_50041458&REV_81#3&13c0b0c5&0&82#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0011"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_SH-S222A________________SB01____#5&35133b1c&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_04b4&Pid_0101&MI_01&Col01#7&221dbd37&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination="\Device\00000088"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_06e6&Pid_c200&MI_01#6&19df22a&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\00000083"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"

.\debug.cpp(400) : Destination="\Device\NDProxy"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWMON"

.\debug.cpp(400) : Destination="\Device\aswMon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_04b4&Pid_0101&MI_00#7&1b9808b&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination="\Device\00000087"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0"

.\debug.cpp(400) : Destination="\Device\Tun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"

.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SCSIADAPTER#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&16d80bd1&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Harddisk1\DP(1)0-0+3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_YMAX&Prod_MagicJack&Rev_2.00#7&2551849&0&A9210506004905&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\0000008a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_1a40&Pid_0101#5&298b8892&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1f475c15&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_06e6&Pid_c200&MI_01#6&19df22a&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\00000083"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"

.\debug.cpp(400) : Destination="\Device\ParallelVdm0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPB02F#3&13c0b0c5&0#{cae56030-684a-11d0-d6f6-00a0c90f57da}"

.\debug.cpp(400) : Destination="\Device\00000063"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_50041458&REV_81#3&13c0b0c5&0&80#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"

.\debug.cpp(400) : Destination="\Device\RdpDrDvMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#4&33bc18fa&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\FloppyPDO0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic-&Prod_Multi-Card&Rev_1.00#20060413092100000&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_A0021458&REV_60#3&13c0b0c5&0&8D#{dda54a40-1e4c-11d1-a050-405705c10000}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0015"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c01d#7&2215b808&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination="\Device\0000007d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#4&2323ffb6&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"

.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"

.\debug.cpp(400) : Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{79ef96c8-a489-11db-8023-000feae45432}"

.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"

.\debug.cpp(400) : Destination="\Device\Serial0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#8&23dc9030&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Harddisk2\DP(1)0-0+5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_1604#MX18A6D233BH#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"

.\debug.cpp(400) : Destination="\Device\USBPDO-11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev0"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM2"

.\debug.cpp(400) : Destination="\Device\Serial1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_28#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"

.\debug.cpp(400) : Destination="\Device\00000052"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"

.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{bea252bc-c003-11de-b9c5-806d6172696f}"

.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{bf20e221-60ed-11de-aee9-000feae45432}"

.\debug.cpp(400) : Destination="\Device\Harddisk1\DP(1)0-0+3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureB53FB53FOffset7E00Length1756DB3800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_04b4&Pid_0101&MI_01&Col02#7&221dbd37&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination="\Device\00000089"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"

.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_NERO&Prod_IMAGEDRIVE2&Rev_1.0h#1&2afd7d61&0&010#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Scsi\Imagedrv1Port0Path0Target1Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev1"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"

.\debug.cpp(400) : Destination="\Device\Harddisk1\DP(1)0-0+3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_NERO&Prod_IMAGEDRIVE2&Rev_1.0h#1&2afd7d61&0&010#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Scsi\Imagedrv1Port0Path0Target1Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_Maxtor_6&Prod_B100M0&Rev_BANC#4&20e8225d&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Scsi\viamraid1Port3Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_SH-S222A________________SB01____#5&35133b1c&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"

.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"

.\debug.cpp(400) : Destination="\Device\PSched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_SH-S222A________________SB01____#5&35133b1c&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"

.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"

.\debug.cpp(400) : Destination="\Device\IPNAT"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev2"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#3&13c0b0c5&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"

.\debug.cpp(400) : Destination="\Device\00000062"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6EDE772F-A6FD-4B0F-A213-0AD00C4923CD}"

.\debug.cpp(400) : Destination="\Device\{6EDE772F-A6FD-4B0F-A213-0AD00C4923CD}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{fc9a5155-e742-11dd-ad9b-000feae45432}"

.\debug.cpp(400) : Destination="\Device\Harddisk2\DP(1)0-0+5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"

.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWTDI"

.\debug.cpp(400) : Destination="\Device\ASWTDI"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev3"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"

.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I2OExec"

.\debug.cpp(400) : Destination="\Device\I2OExec"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"

.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#CdRom&Ven_YMAX&Prod_MagicJack&Rev_2.00#7&2551849&0&A9210506004905&1#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\0000008b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"

.\debug.cpp(400) : Destination="\Device\VideoPdo0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LogiUSBSta"

.\debug.cpp(400) : Destination="\Device\LogiUSBSta"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev4"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"

.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPX"

.\debug.cpp(400) : Destination="\Device\NdisWanIpx"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"

.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"

.\debug.cpp(400) : Destination="\Device\ConexantDiagnosticsServer"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"

.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev5"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"

.\debug.cpp(400) : Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\H:"

.\debug.cpp(400) : Destination="\Device\CdRom2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\00000040"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\00000042"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"

.\debug.cpp(400) : Destination="\Device\Harddisk1\DR2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"

.\debug.cpp(400) : Destination="\Device\sysaudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"

.\debug.cpp(400) : Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev6"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3104&SUBSYS_50041458&REV_86#3&13c0b0c5&0&84#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0013"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"

.\debug.cpp(400) : Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&874e48c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"

.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"

.\debug.cpp(400) : Destination="\Device\Harddisk2\DR4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev7"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"

.\debug.cpp(400) : Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"

.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"

.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom2"

.\debug.cpp(400) : Destination="\Device\CdRom2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"

.\debug.cpp(400) : Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I:"

.\debug.cpp(400) : Destination="\Device\Harddisk2\DP(1)0-0+5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_0810&Pid_0001&Col01#7&21a6620c&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c01d#7&2215b808&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination="\Device\0000007d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"

.\debug.cpp(400) : Destination="\Device\00000060"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_50041458&REV_81#3&13c0b0c5&0&83#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&32010cba&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"

.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"

.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"

.\debug.cpp(400) : Destination="\Device\Secdrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"

.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9FDDA401-8B42-45AB-ABF7-6DB67E54C32F}"

.\debug.cpp(400) : Destination="\Device\{9FDDA401-8B42-45AB-ABF7-6DB67E54C32F}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0343&SUBSYS_00000000&REV_A1#4&26e5f5cd&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_04b4&Pid_0101&MI_00#7&1b9808b&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination="\Device\00000087"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_06e6&Pid_c200#A9210506004905#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination="\Device\USBPDO-10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3149&SUBSYS_B0031458&REV_80#3&13c0b0c5&0&78#{2accfe60-c130-11d2-b082-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"

.\debug.cpp(400) : Destination="\Device\00000060"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_06e6&Pid_c200&MI_01#6&19df22a&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\00000083"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ewido_guard4"

.\debug.cpp(400) : Destination="\Device\ewido_guard4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0810&Pid_0001#6&12230fdf&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination="\Device\USBPDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6E18AB9A-39ED-4D79-9014-F781D2DFC1C9}"

.\debug.cpp(400) : Destination="\Device\{6E18AB9A-39ED-4D79-9014-F781D2DFC1C9}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{ed9e4ab8-099f-11da-ab5b-806d6172696f}"

.\debug.cpp(400) : Destination="\Device\Floppy0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"

.\debug.cpp(400) : Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_A0021458&REV_60#3&13c0b0c5&0&8D#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0015"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPX#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\0000003d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"

.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AAVMKER4"

.\debug.cpp(400) : Destination="\Device\AavmKer4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&429a231&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"

.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"

.\debug.cpp(400) : Destination="\Device\DmControl\DmConfig"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"

.\debug.cpp(400) : Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&16d80bd1&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Harddisk1\DP(1)0-0+3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c01d#6&12230fdf&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination="\Device\USBPDO-8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8A8DE3E4-1DB7-42C6-B89F-CCBE686CCBA6}"

.\debug.cpp(400) : Destination="\Device\{8A8DE3E4-1DB7-42C6-B89F-CCBE686CCBA6}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_06e6&Pid_c200&MI_04#7&ed08ea8&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USNTracker"

.\debug.cpp(400) : Destination="\Device\USNTracker"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_A0021458&REV_60#3&13c0b0c5&0&8D#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0015"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"

.\debug.cpp(400) : Destination="\Device\DmControl\DmTrace"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"

.\debug.cpp(400) : Destination="\Device\Floppy0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"

.\debug.cpp(400) : Destination="\Device\NdisWanIp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"

.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"

.\debug.cpp(400) : Destination="\Device\Scsi\Imagedrv1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\lirsgt"

.\debug.cpp(400) : Destination="\Device\lirsgt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4764944C-2464-47BE-92B1-55E491CD86DF}"

.\debug.cpp(400) : Destination="\Device\{4764944C-2464-47BE-92B1-55E491CD86DF}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#CdRom&Ven_YMAX&Prod_MagicJack&Rev_2.00#7&2551849&0&A9210506004905&1#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\0000008b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"

.\debug.cpp(400) : Destination="\Device\ParTechInc0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\0000003f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C503A937-426C-40DA-B8A0-A46EDF5987C7}"

.\debug.cpp(400) : Destination="\Device\{C503A937-426C-40DA-B8A0-A46EDF5987C7}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B336E603-D968-4F48-B689-B298266E987F}"

.\debug.cpp(400) : Destination="\Device\{B336E603-D968-4F48-B689-B298266E987F}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"

.\debug.cpp(400) : Destination="\Device\NdisTapi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"

.\debug.cpp(400) : Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"

.\debug.cpp(400) : Destination="\Device\AscKmd"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"

.\debug.cpp(400) : Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"

.\debug.cpp(400) : Destination="\Device\IPMULTICAST"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"

.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"

.\debug.cpp(400) : Destination="\Device\NdisWanBh"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"

.\debug.cpp(400) : Destination="\Device\ParTechInc1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"

.\debug.cpp(400) : Destination="\Device\DmLoader"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"

.\debug.cpp(400) : Destination="\Device\LanmanRedirector"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{fc9a5154-e742-11dd-ad9b-000feae45432}"

.\debug.cpp(400) : Destination="\Device\CdRom2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{4d36e978-e325-11ce-bfc1-08002be10318}"

.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5CADDCF5-C047-4B55-8EED-F99ADBF7D463}"

.\debug.cpp(400) : Destination="\Device\{5CADDCF5-C047-4B55-8EED-F99ADBF7D463}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"

.\debug.cpp(400) : Destination="\Device\ParTechInc2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{ed9e4abb-099f-11da-ab5b-806d6172696f}"

.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_0810&Pid_0001&Col02#7&21a6620c&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B6B172D5-0920-4FEC-BFEB-9EEA98E49D98}"

.\debug.cpp(400) : Destination="\Device\{B6B172D5-0920-4FEC-BFEB-9EEA98E49D98}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"

.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"

.\debug.cpp(400) : Destination="\Device\FtControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"

.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Avar"

.\debug.cpp(400) : Destination="\Device\aswSP_Avar"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR"

.\debug.cpp(400) : Destination="\Device\ASWRDR"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"

.\debug.cpp(400) : Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"

.\debug.cpp(400) : Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\recagentDevice0"

.\debug.cpp(400) : Destination="\Device\recagentDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3155fdee&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"

.\debug.cpp(400) : Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"

.\debug.cpp(400) : Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\atksgt"

.\debug.cpp(400) : Destination="\Device\atksgt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"

.\debug.cpp(400) : Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"

.\debug.cpp(400) : Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#8&23dc9030&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Harddisk2\DP(1)0-0+5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_A0021458&REV_60#3&13c0b0c5&0&8D#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0015"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"

.\debug.cpp(400) : Destination="\Device\DmControl\DmInfo"

.\debug.cpp(451) : **********************************************

.\boot_cleaner.cpp(729) : Dumping master boot sector of \\.\PhysicalDrive0...

.\boot_cleaner.cpp(734) :

.\debug.cpp(64) : 00000000: 31 c0 8e d8 8e c0 8e d0 bc 00 7c be 00 7c bf 00 | 1.........|..|..

.\debug.cpp(64) : 00000010: 06 b9 80 00 fc f3 66 a5 90 ea 1e 06 00 00 66 31 | ......f.......f1

.\debug.cpp(64) : 00000020: c0 be be 07 b1 04 90 66 39 44 08 72 08 66 8b 44 | .......f9D.r.f.D

.\debug.cpp(64) : 00000030: 08 66 03 44 0c 83 c6 10 83 2e 7d 06 04 e2 e8 66 | .f.D......}....f

.\debug.cpp(64) : 00000040: 09 c0 74 3e 66 83 c0 02 b9 40 00 bb 00 7c bf f9 | ..t>f....@...|..

.\debug.cpp(64) : 00000050: 06 83 2e 7d 06 04 e8 6c 00 72 27 66 68 83 c4 14 | ...}...l.r'fh...

.\debug.cpp(64) : 00000060: 90 fd fc 66 68 04 46 e2 f9 66 68 80 ff d7 30 66 | ...fh.F..fh...0f

.\debug.cpp(64) : 00000070: 68 89 c3 b9 00 66 68 be 00 7c 66 0f 83 81 75 90 | h....fh..|f...u.

.\debug.cpp(64) : 00000080: fc e8 be be 07 b1 04 80 3c 80 74 0f 38 2c 0f 85 | ........<.t.8,..

.\debug.cpp(64) : 00000090: 9f 00 83 c6 10 e2 f0 fd fc cd 18 66 8b 44 08 89 | ...........f.D..

.\debug.cpp(64) : 000000a0: e3 b9 01 00 e8 1e 00 73 0d 8b 4c 02 b8 01 02 cd | .......s..L.....

.\debug.cpp(64) : 000000b0: 13 90 0f 82 97 00 81 3e fe 7d 55 aa 0f 85 af 00 | .......>.}U.....

.\debug.cpp(64) : 000000c0: ea 00 7c 00 00 66 60 bb aa 55 b4 41 cd 13 73 04 | ..|..f`..U.A..s.

.\debug.cpp(64) : 000000d0: f9 66 61 c3 81 fb 55 aa 75 f6 f6 c1 01 74 f1 66 | .fa...U.u....t.f

.\debug.cpp(64) : 000000e0: 61 66 60 90 6a 00 6a 00 66 50 06 53 51 6a 10 b4 | af`.j.j.fP.SQj..

.\debug.cpp(64) : 000000f0: 42 89 e6 cd 13 61 66 61 c3 66 69 db fd 43 03 00 | B....afa.fi..C..

.\debug.cpp(64) : 00000100: 66 81 c3 c3 9e 26 00 66 89 d8 66 c1 e8 10 66 25 | f....&.f..f...f%

.\debug.cpp(64) : 00000110: ff 00 00 00 c3 66 91 66 51 66 50 66 59 66 58 5e | .....f.fQfPfYfX^

.\debug.cpp(64) : 00000120: ac 08 c0 74 fc 56 1e bb 07 00 b4 0e cd 10 1f eb | ...t.V..........

.\debug.cpp(64) : 00000130: e4 90 e8 e0 ff 49 6e 76 61 6c 69 64 20 70 61 72 | .....Invalid par

.\debug.cpp(64) : 00000140: 74 69 74 69 6f 6e 20 74 61 62 6c 65 00 e8 c5 ff | tition table....

.\debug.cpp(64) : 00000150: 45 72 72 6f 72 20 6c 6f 61 64 69 6e 67 20 6f 70 | Error loading op

.\debug.cpp(64) : 00000160: 65 72 61 74 69 6e 67 20 73 79 73 74 65 6d 00 fd | erating system..

.\debug.cpp(64) : 00000170: fc e8 a1 ff 4d 69 73 73 69 6e 67 20 6f 70 65 72 | ....Missing oper

.\debug.cpp(64) : 00000180: 61 74 69 6e 67 20 73 79 73 74 65 6d 00 00 00 00 | ating system....

.\debug.cpp(64) : 00000190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

.\debug.cpp(64) : 000001a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

.\debug.cpp(64) : 000001b0: 00 00 00 00 00 00 00 00 3f b5 3f b5 00 00 80 01 | ........?.?.....

.\debug.cpp(64) : 000001c0: 01 00 07 fe ff ff 3f 00 00 00 9c 6d ab 0b 00 00 | ......?....m....

.\debug.cpp(64) : 000001d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

.\debug.cpp(64) : 000001e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

.\debug.cpp(64) : 000001f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa | ..............U.

.\boot_cleaner.cpp(1242) : Done;

Link to post
Share on other sites

Delete that log and just double click on remover.exe to run it.

A log will appear on your desktop > copy and paste it back here.

~~~~~~~~~~~~~~~~~~~~~

Then please do this:

Download this file to your desktop:

http://ad13.geekstogo.com/MBRCheck_beta.exe

Double click on it and a txt file will appear on your desktop > copy and paste it back here.

MrC

Link to post
Share on other sites

.\debug.cpp(238) : Debug log started at 31.07.2010 - 13:09:21

.\boot_cleaner.cpp(675) : Bootkit Remover

.\boot_cleaner.cpp(676) : © 2009 eSage Lab

.\boot_cleaner.cpp(677) : www.esagelab.com

.\boot_cleaner.cpp(681) : Program version: 1.1.0.0

.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

.\debug.cpp(248) : **********************************************

.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********

.\debug.cpp(250) : **********************************************

.\debug.cpp(256) : 0x804d7000 0x001f8980 "\WINDOWS\system32\ntkrnlpa.exe"

.\debug.cpp(256) : 0x806d0000 0x00020300 "\WINDOWS\system32\hal.dll"

.\debug.cpp(256) : 0xf8ae3000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"

.\debug.cpp(256) : 0xf89f3000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"

.\debug.cpp(256) : 0xf84b4000 0x0002e000 "ACPI.sys"

.\debug.cpp(256) : 0xf8ae5000 0x00002000 "\WINDOWS\System32\DRIVERS\WMILIB.SYS"

.\debug.cpp(256) : 0xf84a3000 0x00011000 "pci.sys"

.\debug.cpp(256) : 0xf85e3000 0x0000a000 "isapnp.sys"

.\debug.cpp(256) : 0xf8ae7000 0x00002000 "viaide.sys"

.\debug.cpp(256) : 0xf8863000 0x00007000 "\WINDOWS\System32\DRIVERS\PCIIDEX.SYS"

.\debug.cpp(256) : 0xf85f3000 0x0000b000 "MountMgr.sys"

.\debug.cpp(256) : 0xf8484000 0x0001f000 "ftdisk.sys"

.\debug.cpp(256) : 0xf8ae9000 0x00002000 "dmload.sys"

.\debug.cpp(256) : 0xf845e000 0x00026000 "dmio.sys"

.\debug.cpp(256) : 0xf886b000 0x00005000 "PartMgr.sys"

.\debug.cpp(256) : 0xf8603000 0x0000d000 "VolSnap.sys"

.\debug.cpp(256) : 0xf8448000 0x00016000 "imagedrv.sys"

.\debug.cpp(256) : 0xf8430000 0x00018000 "\WINDOWS\system32\DRIVERS\SCSIPORT.SYS"

.\debug.cpp(256) : 0xf8418000 0x00018000 "atapi.sys"

.\debug.cpp(256) : 0xf8405000 0x00013000 "viasraid.sys"

.\debug.cpp(256) : 0xf83f2000 0x00013000 "viamraid.sys"

.\debug.cpp(256) : 0xf8613000 0x00009000 "disk.sys"

.\debug.cpp(256) : 0xf8623000 0x0000d000 "\WINDOWS\System32\DRIVERS\CLASSPNP.SYS"

.\debug.cpp(256) : 0xf83d2000 0x00020000 "fltmgr.sys"

.\debug.cpp(256) : 0xf83c0000 0x00012000 "sr.sys"

.\debug.cpp(256) : 0xf8633000 0x00009000 "PxHelp20.sys"

.\debug.cpp(256) : 0xf83a9000 0x00017000 "KSecDD.sys"

.\debug.cpp(256) : 0xf831c000 0x0008d000 "Ntfs.sys"

.\debug.cpp(256) : 0xf82ef000 0x0002d000 "NDIS.sys"

.\debug.cpp(256) : 0xf89f7000 0x00004000 "RecAgent.sys"

.\debug.cpp(256) : 0xf82d5000 0x0001a000 "Mup.sys"

.\debug.cpp(256) : 0xf8643000 0x0000c000 "gagp30kx.sys"

.\debug.cpp(256) : 0xf7f6e000 0x00003000 "\SystemRoot\system32\DRIVERS\tunmp.sys"

.\debug.cpp(256) : 0xf79a2000 0x00009000 "\SystemRoot\System32\DRIVERS\processr.sys"

.\debug.cpp(256) : 0xf7562000 0x003d0000 "\SystemRoot\System32\DRIVERS\nv4_mini.sys"

.\debug.cpp(256) : 0xf754e000 0x00014000 "\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS"

.\debug.cpp(256) : 0xf7992000 0x0000b000 "\SystemRoot\System32\DRIVERS\imapi.sys"

.\debug.cpp(256) : 0xf7982000 0x00010000 "\SystemRoot\System32\DRIVERS\cdrom.sys"

.\debug.cpp(256) : 0xf7972000 0x0000f000 "\SystemRoot\System32\DRIVERS\redbook.sys"

.\debug.cpp(256) : 0xf752b000 0x00023000 "\SystemRoot\System32\DRIVERS\ks.sys"

.\debug.cpp(256) : 0xf89b3000 0x00006000 "\SystemRoot\System32\DRIVERS\usbuhci.sys"

.\debug.cpp(256) : 0xf7507000 0x00024000 "\SystemRoot\System32\DRIVERS\USBPORT.SYS"

.\debug.cpp(256) : 0xf89bb000 0x00008000 "\SystemRoot\System32\DRIVERS\usbehci.sys"

.\debug.cpp(256) : 0xf72d6000 0x00231000 "\SystemRoot\system32\drivers\ALCXWDM.SYS"

.\debug.cpp(256) : 0xf72b2000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"

.\debug.cpp(256) : 0xf7952000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"

.\debug.cpp(256) : 0xf72a0000 0x00012000 "\SystemRoot\System32\DRIVERS\Rtlnicxp.sys"

.\debug.cpp(256) : 0xf89c3000 0x00007000 "\SystemRoot\System32\DRIVERS\fdc.sys"

.\debug.cpp(256) : 0xf8703000 0x00010000 "\SystemRoot\System32\DRIVERS\serial.sys"

.\debug.cpp(256) : 0xf7f66000 0x00004000 "\SystemRoot\System32\DRIVERS\serenum.sys"

.\debug.cpp(256) : 0xf728c000 0x00014000 "\SystemRoot\System32\DRIVERS\parport.sys"

.\debug.cpp(256) : 0xf7f62000 0x00003000 "\SystemRoot\System32\DRIVERS\gameenum.sys"

.\debug.cpp(256) : 0xf8c0d000 0x00001000 "\SystemRoot\System32\DRIVERS\audstub.sys"

.\debug.cpp(256) : 0xf8853000 0x0000d000 "\SystemRoot\System32\DRIVERS\rasl2tp.sys"

.\debug.cpp(256) : 0xf8aaf000 0x00003000 "\SystemRoot\System32\DRIVERS\ndistapi.sys"

.\debug.cpp(256) : 0xf664e000 0x00017000 "\SystemRoot\System32\DRIVERS\ndiswan.sys"

.\debug.cpp(256) : 0xf8673000 0x0000b000 "\SystemRoot\System32\DRIVERS\raspppoe.sys"

.\debug.cpp(256) : 0xf86a3000 0x0000c000 "\SystemRoot\System32\DRIVERS\raspptp.sys"

.\debug.cpp(256) : 0xf891b000 0x00005000 "\SystemRoot\System32\DRIVERS\TDI.SYS"

.\debug.cpp(256) : 0xf6626000 0x00011000 "\SystemRoot\System32\DRIVERS\psched.sys"

.\debug.cpp(256) : 0xf86c3000 0x00009000 "\SystemRoot\System32\DRIVERS\msgpc.sys"

.\debug.cpp(256) : 0xf8963000 0x00005000 "\SystemRoot\System32\DRIVERS\ptilink.sys"

.\debug.cpp(256) : 0xf8993000 0x00005000 "\SystemRoot\System32\DRIVERS\raspti.sys"

.\debug.cpp(256) : 0xf61f6000 0x00030000 "\SystemRoot\System32\DRIVERS\rdpdr.sys"

.\debug.cpp(256) : 0xf8803000 0x0000a000 "\SystemRoot\System32\DRIVERS\termdd.sys"

.\debug.cpp(256) : 0xf897b000 0x00006000 "\SystemRoot\System32\DRIVERS\kbdclass.sys"

.\debug.cpp(256) : 0xf893b000 0x00006000 "\SystemRoot\System32\DRIVERS\mouclass.sys"

.\debug.cpp(256) : 0xf8b89000 0x00002000 "\SystemRoot\System32\DRIVERS\swenum.sys"

.\debug.cpp(256) : 0xf6198000 0x0005e000 "\SystemRoot\System32\DRIVERS\update.sys"

.\debug.cpp(256) : 0xf8acf000 0x00004000 "\SystemRoot\System32\DRIVERS\mssmbios.sys"

.\debug.cpp(256) : 0xf7942000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"

.\debug.cpp(256) : 0xf69f4000 0x0000f000 "\SystemRoot\System32\DRIVERS\usbhub.sys"

.\debug.cpp(256) : 0xeff70000 0x00002000 "\SystemRoot\System32\DRIVERS\USBD.SYS"

.\debug.cpp(256) : 0xef04a000 0x00005000 "\SystemRoot\System32\DRIVERS\flpydisk.sys"

.\debug.cpp(256) : 0xeeef2000 0x00003000 "\SystemRoot\System32\Drivers\i2omgmt.SYS"

.\debug.cpp(256) : 0xeff24000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"

.\debug.cpp(256) : 0xefac6000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"

.\debug.cpp(256) : 0xeff22000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"

.\debug.cpp(256) : 0xef042000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"

.\debug.cpp(256) : 0xef03a000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"

.\debug.cpp(256) : 0xeff20000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"

.\debug.cpp(256) : 0xeff1e000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"

.\debug.cpp(256) : 0xef032000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"

.\debug.cpp(256) : 0xef02a000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"

.\debug.cpp(256) : 0xeeeea000 0x00003000 "\SystemRoot\System32\DRIVERS\rasacd.sys"

.\debug.cpp(256) : 0xee1bd000 0x00013000 "\SystemRoot\System32\DRIVERS\ipsec.sys"

.\debug.cpp(256) : 0xee164000 0x00059000 "\SystemRoot\System32\DRIVERS\tcpip.sys"

.\debug.cpp(256) : 0xef9ff000 0x0000a000 "\SystemRoot\System32\Drivers\aswTdi.SYS"

.\debug.cpp(256) : 0xee13c000 0x00028000 "\SystemRoot\System32\DRIVERS\netbt.sys"

.\debug.cpp(256) : 0xeeede000 0x00003000 "\SystemRoot\System32\drivers\ws2ifsl.sys"

.\debug.cpp(256) : 0xee11a000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"

.\debug.cpp(256) : 0xef9ef000 0x00009000 "\SystemRoot\System32\DRIVERS\netbios.sys"

.\debug.cpp(256) : 0xef9df000 0x0000b000 "\SystemRoot\System32\Drivers\SCDEmu.SYS"

.\debug.cpp(256) : 0xee0c7000 0x0002b000 "\SystemRoot\System32\DRIVERS\rdbss.sys"

.\debug.cpp(256) : 0xee02f000 0x00070000 "\SystemRoot\System32\DRIVERS\mrxsmb.sys"

.\debug.cpp(256) : 0xf08e8000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"

.\debug.cpp(256) : 0xee009000 0x00026000 "\SystemRoot\System32\DRIVERS\ipnat.sys"

.\debug.cpp(256) : 0xf08d8000 0x00009000 "\SystemRoot\System32\DRIVERS\wanarp.sys"

.\debug.cpp(256) : 0xef9d5000 0x00001000 "\??\C:\Program Files\ewido anti-spyware 4.0\guard.sys"

.\debug.cpp(256) : 0xedfe2000 0x00027000 "\SystemRoot\System32\Drivers\aswSP.SYS"

.\debug.cpp(256) : 0xef012000 0x00006000 "\SystemRoot\System32\Drivers\Aavmker4.SYS"

.\debug.cpp(256) : 0xee112000 0x00003000 "\SystemRoot\System32\DRIVERS\hidusb.sys"

.\debug.cpp(256) : 0xf08c8000 0x00009000 "\SystemRoot\System32\DRIVERS\HIDCLASS.SYS"

.\debug.cpp(256) : 0xee210000 0x00007000 "\SystemRoot\System32\DRIVERS\USBSTOR.SYS"

.\debug.cpp(256) : 0xee0b7000 0x00003000 "\SystemRoot\System32\DRIVERS\mouhid.sys"

.\debug.cpp(256) : 0xee218000 0x00008000 "\SystemRoot\System32\DRIVERS\usbccgp.sys"

.\debug.cpp(256) : 0xecf5f000 0x00007000 "\SystemRoot\system32\DRIVERS\usbprint.sys"

.\debug.cpp(256) : 0xf5072000 0x00009000 "\SystemRoot\system32\drivers\LVUSBSta.sys"

.\debug.cpp(256) : 0xf5042000 0x0000f000 "\SystemRoot\system32\drivers\usbaudio.sys"

.\debug.cpp(256) : 0xee440000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"

.\debug.cpp(256) : 0xec796000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"

.\debug.cpp(256) : 0xf05a7000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"

.\debug.cpp(256) : 0xef9d7000 0x00004000 "\SystemRoot\System32\Drivers\dump_diskdump.sys"

.\debug.cpp(256) : 0xec783000 0x00013000 "\SystemRoot\System32\Drivers\dump_viamraid.sys"

.\debug.cpp(256) : 0xbf800000 0x001c4000 "\SystemRoot\System32\win32k.sys"

.\debug.cpp(256) : 0xefdf4000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"

.\debug.cpp(256) : 0xf1fa0000 0x00005000 "\SystemRoot\System32\watchdog.sys"

.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"

.\debug.cpp(256) : 0xf8c21000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"

.\debug.cpp(256) : 0xbf012000 0x00452000 "\SystemRoot\System32\nv4_disp.dll"

.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"

.\debug.cpp(256) : 0xf6804000 0x00003000 "\SystemRoot\System32\Drivers\aswFsBlk.SYS"

.\debug.cpp(256) : 0xba5ea000 0x00016000 "\SystemRoot\System32\DRIVERS\nwlnkipx.sys"

.\debug.cpp(256) : 0xf1ff0000 0x00010000 "\SystemRoot\System32\DRIVERS\nwlnknb.sys"

.\debug.cpp(256) : 0xee430000 0x00004000 "\SystemRoot\System32\DRIVERS\ndisuio.sys"

.\debug.cpp(256) : 0xba5d3000 0x00017000 "\SystemRoot\System32\Drivers\aswMon2.SYS"

.\debug.cpp(256) : 0xee2d4000 0x0000e000 "\SystemRoot\System32\DRIVERS\nwlnkspx.sys"

.\debug.cpp(256) : 0xb9cce000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"

.\debug.cpp(256) : 0xef4c5000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"

.\debug.cpp(256) : 0xb9c79000 0x0002d000 "\SystemRoot\System32\DRIVERS\mrxdav.sys"

.\debug.cpp(256) : 0xf8af5000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"

.\debug.cpp(256) : 0xb9c0e000 0x00043000 "\SystemRoot\system32\DRIVERS\atksgt.sys"

.\debug.cpp(256) : 0xef1ae000 0x00005000 "\SystemRoot\system32\DRIVERS\lirsgt.sys"

.\debug.cpp(256) : 0xb9bc6000 0x00003000 "\SystemRoot\System32\DRIVERS\mdmxsdk.sys"

.\debug.cpp(256) : 0xf1f40000 0x0000a000 "\SystemRoot\System32\DRIVERS\secdrv.sys"

.\debug.cpp(256) : 0xef415000 0x00005000 "\SystemRoot\system32\Drivers\LVPr2Mon.sys"

.\debug.cpp(256) : 0xee220000 0x00008000 "\SystemRoot\System32\DRIVERS\nwlnkfwd.sys"

.\debug.cpp(256) : 0xb98de000 0x00004000 "\SystemRoot\System32\DRIVERS\nwlnkflt.sys"

.\debug.cpp(256) : 0xec7c2000 0x00005000 "\SystemRoot\System32\Drivers\aswRdr.SYS"

.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"

.\debug.cpp(263) : **********************************************

.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********

.\debug.cpp(308) : **********************************************

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"

.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"

.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04b4&Pid_0101#5&2ab15cf0&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination="\Device\USBPDO-9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_1604#MX18A6D233BH#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination="\Device\USBPDO-11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"

.\debug.cpp(400) : Destination="\Device\Scsi\viamraid1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"

.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"

.\debug.cpp(400) : Destination="\Device\00000053"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"

.\debug.cpp(400) : Destination="\Device\DmControl\DmIoDaemon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_50041458&REV_81#3&13c0b0c5&0&81#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"

.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWSP"

.\debug.cpp(400) : Destination="\Device\aswSP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10#3&13c0b0c5&0&98#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0016"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\0000003b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"

.\debug.cpp(400) : Destination="\Device\Ip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"

.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LogiProcMon2"

.\debug.cpp(400) : Destination="\Device\LogiProcMon2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Pot2"

.\debug.cpp(400) : Destination="\Device\aswSP_Pot2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"

.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_50041458&REV_81#3&13c0b0c5&0&82#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0011"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"

.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0bda&Pid_0158#20060413092100000#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"

.\debug.cpp(400) : Destination="\Device\IPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\0000003c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SCSIADAPTER#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"

.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0"

.\debug.cpp(400) : Destination="\Device\Tun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_04b4&Pid_0101&MI_00#7&1b9808b&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination="\Device\00000087"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWMON"

.\debug.cpp(400) : Destination="\Device\aswMon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"

.\debug.cpp(400) : Destination="\Device\NDProxy"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_06e6&Pid_c200&MI_01#6&19df22a&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\00000083"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_04b4&Pid_0101&MI_01&Col01#7&221dbd37&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination="\Device\00000088"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_SH-S222A________________SB01____#5&35133b1c&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"

.\debug.cpp(400) : Destination="\Device\RdpDrDvMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_50041458&REV_81#3&13c0b0c5&0&80#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPB02F#3&13c0b0c5&0#{cae56030-684a-11d0-d6f6-00a0c90f57da}"

.\debug.cpp(400) : Destination="\Device\00000063"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"

.\debug.cpp(400) : Destination="\Device\ParallelVdm0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_06e6&Pid_c200&MI_01#6&19df22a&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\00000083"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1f475c15&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_1a40&Pid_0101#5&298b8892&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_YMAX&Prod_MagicJack&Rev_2.00#7&2551849&0&A9210506004905&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\0000008a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&16d80bd1&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Harddisk1\DP(1)0-0+3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#4&2323ffb6&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"

.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c01d#7&2215b808&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination="\Device\0000007d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_A0021458&REV_60#3&13c0b0c5&0&8D#{dda54a40-1e4c-11d1-a050-405705c10000}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0015"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic-&Prod_Multi-Card&Rev_1.00#20060413092100000&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#4&33bc18fa&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\FloppyPDO0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"

.\debug.cpp(400) : Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"

.\debug.cpp(400) : Destination="\Device\Serial0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{79ef96c8-a489-11db-8023-000feae45432}"

.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_28#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"

.\debug.cpp(400) : Destination="\Device\00000052"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM2"

.\debug.cpp(400) : Destination="\Device\Serial1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev0"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_1604#MX18A6D233BH#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"

.\debug.cpp(400) : Destination="\Device\USBPDO-11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#8&23dc9030&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Harddisk2\DP(1)0-0+5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"

.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev1"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_NERO&Prod_IMAGEDRIVE2&Rev_1.0h#1&2afd7d61&0&010#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Scsi\Imagedrv1Port0Path0Target1Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"

.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_04b4&Pid_0101&MI_01&Col02#7&221dbd37&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination="\Device\00000089"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureB53FB53FOffset7E00Length1756DB3800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{bf20e221-60ed-11de-aee9-000feae45432}"

.\debug.cpp(400) : Destination="\Device\Harddisk1\DP(1)0-0+3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{bea252bc-c003-11de-b9c5-806d6172696f}"

.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"

.\debug.cpp(400) : Destination="\Device\Harddisk1\DP(1)0-0+3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6EDE772F-A6FD-4B0F-A213-0AD00C4923CD}"

.\debug.cpp(400) : Destination="\Device\{6EDE772F-A6FD-4B0F-A213-0AD00C4923CD}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#3&13c0b0c5&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"

.\debug.cpp(400) : Destination="\Device\00000062"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev2"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"

.\debug.cpp(400) : Destination="\Device\IPNAT"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"

.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_SH-S222A________________SB01____#5&35133b1c&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"

.\debug.cpp(400) : Destination="\Device\PSched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_SH-S222A________________SB01____#5&35133b1c&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"

.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_Maxtor_6&Prod_B100M0&Rev_BANC#4&20e8225d&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Scsi\viamraid1Port3Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_NERO&Prod_IMAGEDRIVE2&Rev_1.0h#1&2afd7d61&0&010#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Scsi\Imagedrv1Port0Path0Target1Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"

.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I2OExec"

.\debug.cpp(400) : Destination="\Device\I2OExec"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"

.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev3"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWTDI"

.\debug.cpp(400) : Destination="\Device\ASWTDI"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"

.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{fc9a5155-e742-11dd-ad9b-000feae45432}"

.\debug.cpp(400) : Destination="\Device\Harddisk2\DP(1)0-0+5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPX"

.\debug.cpp(400) : Destination="\Device\NdisWanIpx"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"

.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev4"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LogiUSBSta"

.\debug.cpp(400) : Destination="\Device\LogiUSBSta"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"

.\debug.cpp(400) : Destination="\Device\VideoPdo0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#CdRom&Ven_YMAX&Prod_MagicJack&Rev_2.00#7&2551849&0&A9210506004905&1#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\0000008b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"

.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"

.\debug.cpp(400) : Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev5"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"

.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"

.\debug.cpp(400) : Destination="\Device\ConexantDiagnosticsServer"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\H:"

.\debug.cpp(400) : Destination="\Device\CdRom2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"

.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&874e48c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"

.\debug.cpp(400) : Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3104&SUBSYS_50041458&REV_86#3&13c0b0c5&0&84#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0013"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev6"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"

.\debug.cpp(400) : Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"

.\debug.cpp(400) : Destination="\Device\sysaudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"

.\debug.cpp(400) : Destination="\Device\Harddisk1\DR2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\00000042"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\00000040"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"

.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"

.\debug.cpp(400) : Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCDEmuDev7"

.\debug.cpp(400) : Destination="\Device\SCDEmu\SCDEmuCd7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"

.\debug.cpp(400) : Destination="\Device\Harddisk2\DR4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"

.\debug.cpp(400) : Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom2"

.\debug.cpp(400) : Destination="\Device\CdRom2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"

.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I:"

.\debug.cpp(400) : Destination="\Device\Harddisk2\DP(1)0-0+5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"

.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&32010cba&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_50041458&REV_81#3&13c0b0c5&0&83#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"

.\debug.cpp(400) : Destination="\Device\00000060"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c01d#7&2215b808&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination="\Device\0000007d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_0810&Pid_0001&Col01#7&21a6620c&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"

.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"

.\debug.cpp(400) : Destination="\Device\Secdrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"

.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0343&SUBSYS_00000000&REV_A1#4&26e5f5cd&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9FDDA401-8B42-45AB-ABF7-6DB67E54C32F}"

.\debug.cpp(400) : Destination="\Device\{9FDDA401-8B42-45AB-ABF7-6DB67E54C32F}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3149&SUBSYS_B0031458&REV_80#3&13c0b0c5&0&78#{2accfe60-c130-11d2-b082-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_06e6&Pid_c200#A9210506004905#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination="\Device\USBPDO-10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_04b4&Pid_0101&MI_00#7&1b9808b&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination="\Device\00000087"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"

.\debug.cpp(400) : Destination="\Device\00000060"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6E18AB9A-39ED-4D79-9014-F781D2DFC1C9}"

.\debug.cpp(400) : Destination="\Device\{6E18AB9A-39ED-4D79-9014-F781D2DFC1C9}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0810&Pid_0001#6&12230fdf&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination="\Device\USBPDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ewido_guard4"

.\debug.cpp(400) : Destination="\Device\ewido_guard4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_06e6&Pid_c200&MI_01#6&19df22a&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\00000083"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"

.\debug.cpp(400) : Destination="\Device\DmControl\DmConfig"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"

.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&429a231&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AAVMKER4"

.\debug.cpp(400) : Destination="\Device\AavmKer4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"

.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPX#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\0000003d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_A0021458&REV_60#3&13c0b0c5&0&8D#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0015"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"

.\debug.cpp(400) : Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{ed9e4ab8-099f-11da-ab5b-806d6172696f}"

.\debug.cpp(400) : Destination="\Device\Floppy0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8A8DE3E4-1DB7-42C6-B89F-CCBE686CCBA6}"

.\debug.cpp(400) : Destination="\Device\{8A8DE3E4-1DB7-42C6-B89F-CCBE686CCBA6}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c01d#6&12230fdf&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination="\Device\USBPDO-8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&16d80bd1&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Harddisk1\DP(1)0-0+3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"

.\debug.cpp(400) : Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"

.\debug.cpp(400) : Destination="\Device\DmControl\DmTrace"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_A0021458&REV_60#3&13c0b0c5&0&8D#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0015"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USNTracker"

.\debug.cpp(400) : Destination="\Device\USNTracker"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_06e6&Pid_c200&MI_04#7&ed08ea8&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"

.\debug.cpp(400) : Destination="\Device\Floppy0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"

.\debug.cpp(400) : Destination="\Device\NdisWanIp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"

.\debug.cpp(400) : Destination="\Device\Scsi\Imagedrv1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"

.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4764944C-2464-47BE-92B1-55E491CD86DF}"

.\debug.cpp(400) : Destination="\Device\{4764944C-2464-47BE-92B1-55E491CD86DF}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\lirsgt"

.\debug.cpp(400) : Destination="\Device\lirsgt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B336E603-D968-4F48-B689-B298266E987F}"

.\debug.cpp(400) : Destination="\Device\{B336E603-D968-4F48-B689-B298266E987F}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C503A937-426C-40DA-B8A0-A46EDF5987C7}"

.\debug.cpp(400) : Destination="\Device\{C503A937-426C-40DA-B8A0-A46EDF5987C7}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination="\Device\0000003f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"

.\debug.cpp(400) : Destination="\Device\ParTechInc0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#CdRom&Ven_YMAX&Prod_MagicJack&Rev_2.00#7&2551849&0&A9210506004905&1#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\0000008b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"

.\debug.cpp(400) : Destination="\Device\DmLoader"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"

.\debug.cpp(400) : Destination="\Device\ParTechInc1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"

.\debug.cpp(400) : Destination="\Device\NdisWanBh"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"

.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"

.\debug.cpp(400) : Destination="\Device\IPMULTICAST"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"

.\debug.cpp(400) : Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"

.\debug.cpp(400) : Destination="\Device\AscKmd"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"

.\debug.cpp(400) : Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"

.\debug.cpp(400) : Destination="\Device\NdisTapi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"

.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"

.\debug.cpp(400) : Destination="\Device\LanmanRedirector"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"

.\debug.cpp(400) : Destination="\Device\ParTechInc2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5CADDCF5-C047-4B55-8EED-F99ADBF7D463}"

.\debug.cpp(400) : Destination="\Device\{5CADDCF5-C047-4B55-8EED-F99ADBF7D463}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{4d36e978-e325-11ce-bfc1-08002be10318}"

.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{fc9a5154-e742-11dd-ad9b-000feae45432}"

.\debug.cpp(400) : Destination="\Device\CdRom2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{ed9e4abb-099f-11da-ab5b-806d6172696f}"

.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"

.\debug.cpp(400) : Destination="\Device\FtControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"

.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B6B172D5-0920-4FEC-BFEB-9EEA98E49D98}"

.\debug.cpp(400) : Destination="\Device\{B6B172D5-0920-4FEC-BFEB-9EEA98E49D98}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_0810&Pid_0001&Col02#7&21a6620c&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"

.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\recagentDevice0"

.\debug.cpp(400) : Destination="\Device\recagentDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"

.\debug.cpp(400) : Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"

.\debug.cpp(400) : Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR"

.\debug.cpp(400) : Destination="\Device\ASWRDR"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Avar"

.\debug.cpp(400) : Destination="\Device\aswSP_Avar"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#8&23dc9030&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination="\Device\Harddisk2\DP(1)0-0+5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"

.\debug.cpp(400) : Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"

.\debug.cpp(400) : Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\atksgt"

.\debug.cpp(400) : Destination="\Device\atksgt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"

.\debug.cpp(400) : Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"

.\debug.cpp(400) : Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3155fdee&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_A0021458&REV_60#3&13c0b0c5&0&8D#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0015"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"

.\debug.cpp(400) : Destination="\Device\DmControl\DmInfo"

.\debug.cpp(451) : **********************************************

.\boot_cleaner.cpp(1077) : System volume is \\.\C:

.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

.\boot_cleaner.cpp(424) : Boot sector MD5 is: 5f7721761f677686b557a8f39cb31ec5

.\boot_cleaner.cpp(1151) :

.\boot_cleaner.cpp(1152) : Size Device Name MBR Status

.\boot_cleaner.cpp(1153) : --------------------------------------------

.\boot_cleaner.cpp(1197) : 93 GB \\.\PhysicalDrive0 Unknown boot code

.\boot_cleaner.cpp(1203) :

.\boot_cleaner.cpp(1209) : Unknown boot code has been found on some of your physical disks.

.\boot_cleaner.cpp(1211) : To inspect the boot code manually, dump the master boot sector:

.\boot_cleaner.cpp(1212) : remover.exe dump <device_name> [output_file]

.\boot_cleaner.cpp(1216) : To disinfect the master boot sector, use the following command:

.\boot_cleaner.cpp(1217) : remover.exe fix <device_name>

.\boot_cleaner.cpp(1220) :

.\boot_cleaner.cpp(1242) : Done;

I don't know looks like the same thing to me?

Link to post
Share on other sites

here's the log with the betaMBR

MBRCheck, version 1.2.2

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000001dd

Kernel Drivers (total 140):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806D0000 \WINDOWS\system32\hal.dll

0xF8AE3000 \WINDOWS\system32\KDCOM.DLL

0xF89F3000 \WINDOWS\system32\BOOTVID.dll

0xF84B4000 ACPI.sys

0xF8AE5000 \WINDOWS\System32\DRIVERS\WMILIB.SYS

0xF84A3000 pci.sys

0xF85E3000 isapnp.sys

0xF8AE7000 viaide.sys

0xF8863000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

0xF85F3000 MountMgr.sys

0xF8484000 ftdisk.sys

0xF8AE9000 dmload.sys

0xF845E000 dmio.sys

0xF886B000 PartMgr.sys

0xF8603000 VolSnap.sys

0xF8448000 imagedrv.sys

0xF8430000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS

0xF8418000 atapi.sys

0xF8405000 viasraid.sys

0xF83F2000 viamraid.sys

0xF8613000 disk.sys

0xF8623000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

0xF83D2000 fltmgr.sys

0xF83C0000 sr.sys

0xF8633000 PxHelp20.sys

0xF83A9000 KSecDD.sys

0xF831C000 Ntfs.sys

0xF82EF000 NDIS.sys

0xF89F7000 RecAgent.sys

0xF82D5000 Mup.sys

0xF8643000 gagp30kx.sys

0xF7F6E000 \SystemRoot\system32\DRIVERS\tunmp.sys

0xF79A2000 \SystemRoot\System32\DRIVERS\processr.sys

0xF7562000 \SystemRoot\System32\DRIVERS\nv4_mini.sys

0xF754E000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS

0xF7992000 \SystemRoot\System32\DRIVERS\imapi.sys

0xF7982000 \SystemRoot\System32\DRIVERS\cdrom.sys

0xF7972000 \SystemRoot\System32\DRIVERS\redbook.sys

0xF752B000 \SystemRoot\System32\DRIVERS\ks.sys

0xF89B3000 \SystemRoot\System32\DRIVERS\usbuhci.sys

0xF7507000 \SystemRoot\System32\DRIVERS\USBPORT.SYS

0xF89BB000 \SystemRoot\System32\DRIVERS\usbehci.sys

0xF72D6000 \SystemRoot\system32\drivers\ALCXWDM.SYS

0xF72B2000 \SystemRoot\system32\drivers\portcls.sys

0xF7952000 \SystemRoot\system32\drivers\drmk.sys

0xF72A0000 \SystemRoot\System32\DRIVERS\Rtlnicxp.sys

0xF89C3000 \SystemRoot\System32\DRIVERS\fdc.sys

0xF8703000 \SystemRoot\System32\DRIVERS\serial.sys

0xF7F66000 \SystemRoot\System32\DRIVERS\serenum.sys

0xF728C000 \SystemRoot\System32\DRIVERS\parport.sys

0xF7F62000 \SystemRoot\System32\DRIVERS\gameenum.sys

0xF8C0D000 \SystemRoot\System32\DRIVERS\audstub.sys

0xF8853000 \SystemRoot\System32\DRIVERS\rasl2tp.sys

0xF8AAF000 \SystemRoot\System32\DRIVERS\ndistapi.sys

0xF664E000 \SystemRoot\System32\DRIVERS\ndiswan.sys

0xF8673000 \SystemRoot\System32\DRIVERS\raspppoe.sys

0xF86A3000 \SystemRoot\System32\DRIVERS\raspptp.sys

0xF891B000 \SystemRoot\System32\DRIVERS\TDI.SYS

0xF6626000 \SystemRoot\System32\DRIVERS\psched.sys

0xF86C3000 \SystemRoot\System32\DRIVERS\msgpc.sys

0xF8963000 \SystemRoot\System32\DRIVERS\ptilink.sys

0xF8993000 \SystemRoot\System32\DRIVERS\raspti.sys

0xF61F6000 \SystemRoot\System32\DRIVERS\rdpdr.sys

0xF8803000 \SystemRoot\System32\DRIVERS\termdd.sys

0xF897B000 \SystemRoot\System32\DRIVERS\kbdclass.sys

0xF893B000 \SystemRoot\System32\DRIVERS\mouclass.sys

0xF8B89000 \SystemRoot\System32\DRIVERS\swenum.sys

0xF6198000 \SystemRoot\System32\DRIVERS\update.sys

0xF8ACF000 \SystemRoot\System32\DRIVERS\mssmbios.sys

0xF7942000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF69F4000 \SystemRoot\System32\DRIVERS\usbhub.sys

0xEFF70000 \SystemRoot\System32\DRIVERS\USBD.SYS

0xEF04A000 \SystemRoot\System32\DRIVERS\flpydisk.sys

0xEEEF2000 \SystemRoot\System32\Drivers\i2omgmt.SYS

0xEFF24000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xEFAC6000 \SystemRoot\System32\Drivers\Null.SYS

0xEFF22000 \SystemRoot\System32\Drivers\Beep.SYS

0xEF042000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xEF03A000 \SystemRoot\System32\drivers\vga.sys

0xEFF20000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xEFF1E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xEF032000 \SystemRoot\System32\Drivers\Msfs.SYS

0xEF02A000 \SystemRoot\System32\Drivers\Npfs.SYS

0xEEEEA000 \SystemRoot\System32\DRIVERS\rasacd.sys

0xEE1BD000 \SystemRoot\System32\DRIVERS\ipsec.sys

0xEE164000 \SystemRoot\System32\DRIVERS\tcpip.sys

0xEF9FF000 \SystemRoot\System32\Drivers\aswTdi.SYS

0xEE13C000 \SystemRoot\System32\DRIVERS\netbt.sys

0xEEEDE000 \SystemRoot\System32\drivers\ws2ifsl.sys

0xEE11A000 \SystemRoot\System32\drivers\afd.sys

0xEF9EF000 \SystemRoot\System32\DRIVERS\netbios.sys

0xEF9DF000 \SystemRoot\System32\Drivers\SCDEmu.SYS

0xEE0C7000 \SystemRoot\System32\DRIVERS\rdbss.sys

0xEE02F000 \SystemRoot\System32\DRIVERS\mrxsmb.sys

0xF08E8000 \SystemRoot\System32\Drivers\Fips.SYS

0xEE009000 \SystemRoot\System32\DRIVERS\ipnat.sys

0xF08D8000 \SystemRoot\System32\DRIVERS\wanarp.sys

0xEF9D5000 \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys

0xEDFE2000 \SystemRoot\System32\Drivers\aswSP.SYS

0xEF012000 \SystemRoot\System32\Drivers\Aavmker4.SYS

0xEE112000 \SystemRoot\System32\DRIVERS\hidusb.sys

0xF08C8000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS

0xEE210000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS

0xEE0B7000 \SystemRoot\System32\DRIVERS\mouhid.sys

0xEE218000 \SystemRoot\System32\DRIVERS\usbccgp.sys

0xECF5F000 \SystemRoot\system32\DRIVERS\usbprint.sys

0xF5072000 \SystemRoot\system32\drivers\LVUSBSta.sys

0xF5042000 \SystemRoot\system32\drivers\usbaudio.sys

0xEE440000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xEC796000 \SystemRoot\System32\Drivers\Fastfat.SYS

0xF05A7000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xEF9D7000 \SystemRoot\System32\Drivers\dump_diskdump.sys

0xEC783000 \SystemRoot\System32\Drivers\dump_viamraid.sys

0xBF800000 \SystemRoot\System32\win32k.sys

0xEFDF4000 \SystemRoot\System32\drivers\Dxapi.sys

0xF1FA0000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF8C21000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\nv4_disp.dll

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xF6804000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0xBA5EA000 \SystemRoot\System32\DRIVERS\nwlnkipx.sys

0xF1FF0000 \SystemRoot\System32\DRIVERS\nwlnknb.sys

0xEE430000 \SystemRoot\System32\DRIVERS\ndisuio.sys

0xBA5D3000 \SystemRoot\System32\Drivers\aswMon2.SYS

0xEE2D4000 \SystemRoot\System32\DRIVERS\nwlnkspx.sys

0xB9CCE000 \SystemRoot\system32\drivers\wdmaud.sys

0xEF4C5000 \SystemRoot\system32\drivers\sysaudio.sys

0xB9C79000 \SystemRoot\System32\DRIVERS\mrxdav.sys

0xF8AF5000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xB9C0E000 \SystemRoot\system32\DRIVERS\atksgt.sys

0xEF1AE000 \SystemRoot\system32\DRIVERS\lirsgt.sys

0xB9BC6000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys

0xF1F40000 \SystemRoot\System32\DRIVERS\secdrv.sys

0xEF415000 \SystemRoot\system32\Drivers\LVPr2Mon.sys

0xEE220000 \SystemRoot\System32\DRIVERS\nwlnkfwd.sys

0xB98DE000 \SystemRoot\System32\DRIVERS\nwlnkflt.sys

0xEC7C2000 \SystemRoot\System32\Drivers\aswRdr.SYS

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 34):

0 System Idle Process

4 System

568 C:\WINDOWS\system32\smss.exe

616 csrss.exe

640 C:\WINDOWS\system32\winlogon.exe

684 C:\WINDOWS\system32\services.exe

696 C:\WINDOWS\system32\lsass.exe

856 C:\WINDOWS\system32\svchost.exe

912 svchost.exe

984 C:\WINDOWS\system32\svchost.exe

1040 svchost.exe

1108 svchost.exe

1272 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

1672 C:\WINDOWS\system32\spoolsv.exe

1824 C:\WINDOWS\explorer.exe

700 svchost.exe

1028 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

1096 C:\Program Files\ewido anti-spyware 4.0\guard.exe

1156 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe

1304 C:\Program Files\Common Files\Java\Java Update\jusched.exe

1384 C:\Program Files\Java\jre6\bin\jqs.exe

1740 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

1952 C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

2040 C:\WINDOWS\system32\slserv.exe

1176 C:\WINDOWS\system32\svchost.exe

228 C:\Program Files\OpenOffice.org 3\program\soffice.exe

288 C:\Program Files\OpenOffice.org 3\program\soffice.bin

2088 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

2512 alg.exe

2692 C:\WINDOWS\system32\wuauclt.exe

3548 C:\Program Files\Mozilla Firefox\firefox.exe

2700 C:\Program Files\Mozilla Firefox\plugin-container.exe

3936 C:\WINDOWS\system32\notepad.exe

1560 C:\Documents and Settings\Ziehos\Desktop\MBRCheck_beta.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status

--------------------------------------------

93 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!

SHA1: 174A471DEC3845E68C0B0BEB7C5722AD5367A371

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.