1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Pop up Re. Control Messages

Discussion in 'Malware and Virus Removal Archive' started by mindplayer45, 2011/05/13.

Page 2 of 4
  1. 2011/05/14
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    Sorry about the second post didn't realise we were on page two:)
     
    mindplayer45,
    #21
  2. 2011/05/14
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    By the way, I can get access to Windows update now, couldn't do before.
     
    mindplayer45,
    #22


  3. to hide this advert.

  4. 2011/05/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good job :)

    Make sure to disable "word wrap" in Notepad as it makes logs harder to read.

    See, if Combofix will run now.
     
    broni,
    #23
  5. 2011/05/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We posted at the same time, so I want to make sure, you saw my last reply...
     
    broni,
    #24
  6. 2011/05/15
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    Hi Broni, here is the ComboFix Log. Sorry id it is hard to read I had to email from the laptop to my my desk top. Hope everything is fine now.
    ComboFix 11-05-14.01 - Joydy Miller 15/05/2011 17:24:32.1.1 - x86 Microsoft® Windows Vista™ Home Premium
    6.0.6002.2.1252.61.1033.18.1915.947 [GMT 10:00] Running from: C:\Users\Joydy Miller\Desktop\dmiller.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    /wow section - STAGE 48
    SED: can't read temp1505: No such file or directory The system cannot find the path specified.
    'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command
    SED: can't read CuRun.dmp: No such file or directory
    SED: can't read CuRun.dmp: No such file or directory 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command
    SED: can't read temp2400: No such file or directory 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command
    SED: can't read C:\Qoobox\Quarantine\Registry_backups\tcpip.reg: No such file or directory 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command
    SED: can't read StartMenuInternet00: No such file or directory 'SWREG' is not recognized as an internal or external command
    SED: can't read PersistentRoutes00: No such file or directory 'SWREG' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'SWREG' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command The system cannot find the file temp4700.
    The system cannot find the file temp4700.
    'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command The system cannot find the file temp4700.
    'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command

    /wow section - STAGE 49
    'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command 'PEV' is not recognized as an internal or external command

    /wow section - STAGE 50
    'PEV' is not recognized as an internal or external command

    /wow section not completed
     
    mindplayer45,
    #25
  7. 2011/05/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks strange.
    Please, try to re-run Combofix.
     
    broni,
    #26
  8. 2011/05/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, disable "word wrap" in Notepad and repost your Combofix log.
    It's very hard for me to read.
    You can find the log in: C:\combofix.txt
     
    broni,
    #27
  9. 2011/05/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's still wrong.
    Open Notepad, click on "Format" tab and make sure "Word Wrap" is UN-checked.
    Open combofix.txt again, copy all content and paste it into your next reply.
     
    broni,
    #28
  10. 2011/05/16
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    Hi Broni, this recent post does not look much different to to the previous one. I definately took it of Word wrap.

    Dave
     
    mindplayer45,
    #29
  11. 2011/05/16
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    Ok this from the laptop with word wrap off....
    ComboFix 11-05-15.04 - Joydy Miller 16/05/2011 17:17:12.2.1 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1915.889 [GMT 10:00]
    Running from: c:\users\Joydy Miller\Desktop\dmiller.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Joydy Miller\AppData\Local\{AEECD910-0E68-4FA7-9F12-93A4A65875CE}
    c:\users\Joydy Miller\AppData\Local\{AEECD910-0E68-4FA7-9F12-93A4A65875CE}\chrome\content\overlay.xul
    c:\users\Joydy Miller\AppData\Local\{AEECD910-0E68-4FA7-9F12-93A4A65875CE}\install.rdf
    .
    .
    \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-16 to 2011-05-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-16 07:26 . 2011-05-16 07:26 -------- d-----w- c:\users\Joydy Miller\AppData\Local\temp
    2011-05-16 07:26 . 2011-05-16 07:26 -------- d-----w- c:\users\jbparrawest\AppData\Local\temp
    2011-05-16 07:26 . 2011-05-16 07:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-16 07:14 . 2011-05-16 07:15 -------- d-----w- C:\32788R22FWJFW
    2011-05-15 20:34 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA13429A-2F0E-471B-974C-53E526BD9E10}\mpengine.dll
    2011-05-15 02:26 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-05-15 02:26 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
    2011-05-15 02:26 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-05-15 02:26 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-05-15 02:26 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-05-15 02:26 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-05-15 02:26 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-05-15 02:26 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-05-15 02:26 . 2011-02-22 13:24 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-05-15 02:26 . 2011-02-22 13:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-05-15 02:26 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-05-14 23:01 . 2011-05-14 23:42 -------- d-----w- C:\dmiller
    2011-05-14 05:54 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-14 05:54 . 2011-05-14 05:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-14 05:54 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-13 07:51 . 2007-03-09 01:35 365056 ----a-w- c:\program files\Mozilla Firefox\plugins\npupd62.dll
    2011-05-13 07:51 . 2006-02-22 22:16 45056 ----a-w- c:\program files\Mozilla Firefox\plugins\upd62int.dll
    2011-05-13 07:51 . 2006-02-22 22:16 34048 ----a-w- c:\program files\Mozilla Firefox\plugins\upd62i9x.dll
    2011-05-12 10:50 . 2011-02-02 11:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-05-12 10:50 . 2011-02-02 11:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-12 10:50 . 2011-05-12 10:51 -------- d-----w- c:\programdata\IObit
    2011-05-12 10:45 . 2011-05-12 10:45 -------- d-----w- c:\program files\Application Updater
    2011-05-12 10:45 . 2011-05-12 10:45 -------- d-----w- c:\program files\IObit Toolbar
    2011-05-12 10:45 . 2011-05-12 10:45 -------- d-----w- c:\program files\Common Files\Spigot
    2011-05-12 10:44 . 2011-05-13 23:13 -------- d-----w- c:\users\Joydy Miller\AppData\Roaming\IObit
    2011-05-12 10:44 . 2011-02-23 06:52 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-05-12 10:44 . 2011-02-23 06:52 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-04-22 12:31 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-04-20 10:55 . 2011-04-20 10:55 -------- d-----w- c:\programdata\WindowsSearch
    2011-04-20 08:07 . 2011-05-16 07:13 -------- d-----w- c:\programdata\STOPzilla!
    2011-04-16 08:59 . 2010-11-30 01:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2011-04-16 08:59 . 2010-11-30 01:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C429D693-0BA9-4711-B7D5-440BEF5D1891}\gapaengine.dll
    2011-04-16 08:39 . 2011-04-16 08:40 -------- d-----w- c:\program files\Microsoft Security Client
    2011-04-16 08:39 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-04-16 07:37 . 2010-10-17 22:41 6146896 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6625AB83-FC8D-4EBC-9673-ABB8D01697B9}\mpengine.dll
    2011-04-16 07:34 . 2011-05-12 06:54 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
    2011-04-16 07:34 . 2011-05-12 06:54 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-04-16 07:34 . 2011-05-12 06:54 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-04-16 07:34 . 2011-05-12 06:54 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
    2011-04-16 07:34 . 2011-05-12 06:54 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-04-16 07:34 . 2011-05-12 06:54 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-04-16 07:34 . 2011-05-12 06:54 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-04-16 07:34 . 2011-05-12 06:54 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-04-16 07:34 . 2011-05-12 06:54 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-04-16 07:34 . 2011-05-12 06:54 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-07 09:11 . 2011-04-03 10:36 0 ----a-w- c:\users\Joydy Miller\AppData\Local\Eruwe.bin
    2011-03-03 15:40 . 2011-05-15 02:25 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-05-15 02:25 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-05-15 02:25 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-05-15 02:25 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-22 14:13 . 2011-03-23 00:55 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-23 00:55 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-23 00:55 797696 ----a-w- c:\windows\system32\FntCache.dll
    2006-02-22 22:16 . 2011-05-13 07:51 34048 ----a-w- c:\program files\mozilla firefox\plugins\upd62i9x.dll
    2006-02-22 22:16 . 2011-05-13 07:51 45056 ----a-w- c:\program files\mozilla firefox\plugins\upd62int.dll
    2011-05-12 06:54 . 2011-04-16 07:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-08-06 12:05 . 2009-12-10 08:53 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD "= "c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
    "Advanced SystemCare 4 "= "c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
    "Malwarebytes' Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "RtHDVCpl "= "RtHDVCpl.exe" [2008-04-08 6037504]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-08-06 12:05 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
    2011-04-27 02:55 532320 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
    .
    R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-06 30192]
    R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
    S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
    S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
    S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
    S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
    S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-04-27 393112]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Joydy Miller\AppData\Roaming\Mozilla\Firefox\Profiles\d185yt4v.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-16 17:26
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????v??Miz????>???>???>? >?H
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2011-05-16 17:29:32
    ComboFix-quarantined-files.txt 2011-05-16 07:29
    .
    Pre-Run: 98,425,229,312 bytes free
    Post-Run: 98,089,750,528 bytes free
    .
    - - End Of File - - D89C4428459CF62B8EFBB35764418DB5
     
    mindplayer45,
    #30
  12. 2011/05/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Perfect. Hold on....
     
    broni,
    #31
  13. 2011/05/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Stopzilla, if it's listed in "Programs & Features ".
    If it's not, let me know.
    It's a program with rather shady reputation.

    Uninstall Advanced SystemCare 4.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry ". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results ".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ===================================================

    Re-run Bootkit Remover and post fresh log.
     
    broni,
    #32
  14. 2011/05/16
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    [Active] Pop up Re. Control Messages

    Hi Broni
    I had uninstalled Stopzilla, as when Combofix restarts the laptop Stopzilla also restarts, probably why Combofix log looked wierd. I will uninstall Advanced Care and run the Bootkit Remover log when I get home this afternoon(about 5pm AEST.) Thanks for the tip about the Registry Cleaner, I will discontinue. What about Stopzilla?? The laptop also has MSE and MalawareBytes so they can replace Stopzilla.
    Whats the weather like over there??

    Dave
     
    mindplayer45,
    #33
  15. 2011/05/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The weather is really ugly since Saturday. Cold, showers, hail, wind, you name it.

    We'll get rid of Stopzilla leftovers with our next tools.
     
    broni,
    #34
  16. 2011/05/16
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    It is very cold overnight here, but beautiful and sunny during the day.
     
    mindplayer45,
    #35
  17. 2011/05/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Where are you located?
     
    broni,
    #36
  18. 2011/05/16
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    Sydney, Australia.
     
    mindplayer45,
    #37
  19. 2011/05/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Wave to my friend in Brisbane :)
     
    broni,
    #38
  20. 2011/05/16
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    OK done:)
     
    mindplayer45,
    #39
  21. 2011/05/17
    mindplayer45

    mindplayer45 Inactive Thread Starter

    Joined:
    2006/09/23
    Messages:
    63
    Likes Received:
    0
    Bootkit Remover Log, laptop is more responsive now and no crazy messages although I seem to have Internet windows popping up that I never selected, like clocking on previous
    pages here. But when I close them my intended page is there. It is like it opens another tab on top of the one I am on,put is actually another page on top of this one. Anyway to the logs.....\debug.cpp(238) : Debug log started at 17.05.2011 - 07:13:59
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.0
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x82216000 0x003ba000 "\SystemRoot\system32\ntkrnlpa.exe "
    .\debug.cpp(256) : 0x825d0000 0x00033000 "\SystemRoot\system32\hal.dll "
    .\debug.cpp(256) : 0x8060c000 0x00007000 "\SystemRoot\system32\kdcom.dll "
    .\debug.cpp(256) : 0x80613000 0x00070000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll "
    .\debug.cpp(256) : 0x80683000 0x00011000 "\SystemRoot\system32\PSHED.dll "
    .\debug.cpp(256) : 0x80694000 0x00008000 "\SystemRoot\system32\BOOTVID.dll "
    .\debug.cpp(256) : 0x8069c000 0x00041000 "\SystemRoot\system32\CLFS.SYS "
    .\debug.cpp(256) : 0x806dd000 0x000e0000 "\SystemRoot\system32\CI.dll "
    .\debug.cpp(256) : 0x807bd000 0x0000e000 "\SystemRoot\system32\DRIVERS\szkg.sys "
    .\debug.cpp(256) : 0x807cb000 0x0000d000 "\SystemRoot\system32\drivers\szkgfs.sys "
    .\debug.cpp(256) : 0x87801000 0x0007c000 "\SystemRoot\system32\drivers\Wdf01000.sys "
    .\debug.cpp(256) : 0x8787d000 0x0000d000 "\SystemRoot\system32\drivers\WDFLDR.SYS "
    .\debug.cpp(256) : 0x8788a000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys "
    .\debug.cpp(256) : 0x878d0000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS "
    .\debug.cpp(256) : 0x878d9000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys "
    .\debug.cpp(256) : 0x878e1000 0x00027000 "\SystemRoot\system32\drivers\pci.sys "
    .\debug.cpp(256) : 0x87908000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys "
    .\debug.cpp(256) : 0x87917000 0x00003000 "\SystemRoot\system32\DRIVERS\compbatt.sys "
    .\debug.cpp(256) : 0x8791a000 0x0000a000 "\SystemRoot\system32\DRIVERS\BATTC.SYS "
    .\debug.cpp(256) : 0x87924000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys "
    .\debug.cpp(256) : 0x87933000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys "
    .\debug.cpp(256) : 0x8797d000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys "
    .\debug.cpp(256) : 0x8798d000 0x00007000 "\SystemRoot\system32\DRIVERS\pciide.sys "
    .\debug.cpp(256) : 0x87994000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS "
    .\debug.cpp(256) : 0x87a05000 0x000ce000 "\SystemRoot\system32\DRIVERS\iaStor.sys "
    .\debug.cpp(256) : 0x87ad3000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys "
    .\debug.cpp(256) : 0x87adb000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS "
    .\debug.cpp(256) : 0x87af9000 0x0000a000 "\SystemRoot\system32\drivers\msahci.sys "
    .\debug.cpp(256) : 0x87b03000 0x00032000 "\SystemRoot\system32\drivers\fltmgr.sys "
    .\debug.cpp(256) : 0x87b35000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys "
    .\debug.cpp(256) : 0x87b45000 0x00071000 "\SystemRoot\System32\Drivers\ksecdd.sys "
    .\debug.cpp(256) : 0x87c04000 0x0010b000 "\SystemRoot\system32\drivers\ndis.sys "
    .\debug.cpp(256) : 0x87d0f000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys "
    .\debug.cpp(256) : 0x87d3a000 0x0003b000 "\SystemRoot\system32\drivers\NETIO.SYS "
    .\debug.cpp(256) : 0x87e04000 0x000ed000 "\SystemRoot\System32\drivers\tcpip.sys "
    .\debug.cpp(256) : 0x87ef1000 0x0001b000 "\SystemRoot\System32\drivers\fwpkclnt.sys "
    .\debug.cpp(256) : 0x88000000 0x00110000 "\SystemRoot\System32\Drivers\Ntfs.sys "
    .\debug.cpp(256) : 0x88110000 0x00039000 "\SystemRoot\system32\drivers\volsnap.sys "
    .\debug.cpp(256) : 0x88149000 0x00005000 "\SystemRoot\system32\DRIVERS\TVALZ_O.SYS "
    .\debug.cpp(256) : 0x8814e000 0x00043000 "\SystemRoot\system32\DRIVERS\tos_sps32.sys "
    .\debug.cpp(256) : 0x88191000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys "
    .\debug.cpp(256) : 0x88199000 0x00007000 "\SystemRoot\System32\Drivers\SmartDefragDriver.sys "
    .\debug.cpp(256) : 0x881a0000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys "
    .\debug.cpp(256) : 0x881af000 0x00027000 "\SystemRoot\System32\drivers\ecache.sys "
    .\debug.cpp(256) : 0x881d6000 0x00011000 "\SystemRoot\system32\drivers\disk.sys "
    .\debug.cpp(256) : 0x87f0c000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS "
    .\debug.cpp(256) : 0x881e7000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys "
    .\debug.cpp(256) : 0x87d75000 0x0000b000 "\SystemRoot\system32\DRIVERS\tunnel.sys "
    .\debug.cpp(256) : 0x87d80000 0x00009000 "\SystemRoot\system32\DRIVERS\tunmp.sys "
    .\debug.cpp(256) : 0x87d89000 0x00008000 "\SystemRoot\system32\DRIVERS\FwLnk.sys "
    .\debug.cpp(256) : 0x87d91000 0x0000f000 "\SystemRoot\system32\DRIVERS\intelppm.sys "
    .\debug.cpp(256) : 0x87ffb000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys "
    .\debug.cpp(256) : 0x8c006000 0x006e4000 "\SystemRoot\system32\DRIVERS\igdkmd32.sys "
    .\debug.cpp(256) : 0x8c6ea000 0x000a0000 "\SystemRoot\System32\drivers\dxgkrnl.sys "
    .\debug.cpp(256) : 0x8c78a000 0x0000c000 "\SystemRoot\System32\drivers\watchdog.sys "
    .\debug.cpp(256) : 0x8c796000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys "
    .\debug.cpp(256) : 0x8c7a1000 0x0003e000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS "
    .\debug.cpp(256) : 0x8c7df000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys "
    .\debug.cpp(256) : 0x8b80c000 0x0008d000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys "
    .\debug.cpp(256) : 0x8b899000 0x00021000 "\SystemRoot\system32\DRIVERS\Rtlh86.sys "
    .\debug.cpp(256) : 0x8b8ba000 0x000e4000 "\SystemRoot\system32\DRIVERS\athr.sys "
    .\debug.cpp(256) : 0x8b99e000 0x00013000 "\SystemRoot\system32\DRIVERS\i8042prt.sys "
    .\debug.cpp(256) : 0x8b9b1000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys "
    .\debug.cpp(256) : 0x8b9bc000 0x0002f000 "\SystemRoot\system32\DRIVERS\SynTP.sys "
    .\debug.cpp(256) : 0x8b9eb000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS "
    .\debug.cpp(256) : 0x8b9ed000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys "
    .\debug.cpp(256) : 0x8b800000 0x0000a000 "\SystemRoot\system32\DRIVERS\tdcmdpst.sys "
    .\debug.cpp(256) : 0x87da0000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys "
    .\debug.cpp(256) : 0x87db8000 0x0002f000 "\SystemRoot\system32\DRIVERS\msiscsi.sys "
    .\debug.cpp(256) : 0x87bb6000 0x00041000 "\SystemRoot\system32\DRIVERS\storport.sys "
    .\debug.cpp(256) : 0x8c7ee000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS "
    .\debug.cpp(256) : 0x87de7000 0x00017000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys "
    .\debug.cpp(256) : 0x879a2000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys "
    .\debug.cpp(256) : 0x879ad000 0x00023000 "\SystemRoot\system32\DRIVERS\ndiswan.sys "
    .\debug.cpp(256) : 0x879d0000 0x0000f000 "\SystemRoot\system32\DRIVERS\raspppoe.sys "
    .\debug.cpp(256) : 0x879df000 0x00014000 "\SystemRoot\system32\DRIVERS\raspptp.sys "
    .\debug.cpp(256) : 0x807e6000 0x00015000 "\SystemRoot\system32\DRIVERS\rassstp.sys "
    .\debug.cpp(256) : 0x8bc07000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys "
    .\debug.cpp(256) : 0x8bc17000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys "
    .\debug.cpp(256) : 0x8bc19000 0x0002a000 "\SystemRoot\system32\DRIVERS\ks.sys "
    .\debug.cpp(256) : 0x8bc43000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys "
    .\debug.cpp(256) : 0x8bc4d000 0x0000d000 "\SystemRoot\system32\DRIVERS\umbus.sys "
    .\debug.cpp(256) : 0x8bc5a000 0x00035000 "\SystemRoot\system32\DRIVERS\usbhub.sys "
    .\debug.cpp(256) : 0x8bc8f000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS "
    .\debug.cpp(256) : 0x8c800000 0x001ff000 "\SystemRoot\system32\drivers\RTKVHDA.sys "
    .\debug.cpp(256) : 0x8bca0000 0x0002d000 "\SystemRoot\system32\drivers\portcls.sys "
    .\debug.cpp(256) : 0x8bccd000 0x00025000 "\SystemRoot\system32\drivers\drmk.sys "
    .\debug.cpp(256) : 0x8bcf2000 0x0003e000 "\SystemRoot\system32\DRIVERS\HSXHWAZL.sys "
    .\debug.cpp(256) : 0x8ca09000 0x00103000 "\SystemRoot\system32\DRIVERS\HSX_DPV.sys "
    .\debug.cpp(256) : 0x8cb0c000 0x000b5000 "\SystemRoot\system32\DRIVERS\HSX_CNXT.sys "
    .\debug.cpp(256) : 0x8cbc1000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys "
    .\debug.cpp(256) : 0x8cbce000 0x00027000 "\SystemRoot\system32\DRIVERS\MpFilter.sys "
    .\debug.cpp(256) : 0x8cbf5000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS "
    .\debug.cpp(256) : 0x8ca00000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS "
    .\debug.cpp(256) : 0x8bd30000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS "
    .\debug.cpp(256) : 0x8bd37000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys "
    .\debug.cpp(256) : 0x8bd43000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS "
    .\debug.cpp(256) : 0x8bd64000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys "
    .\debug.cpp(256) : 0x8bd6c000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys "
    .\debug.cpp(256) : 0x8bd74000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS "
    .\debug.cpp(256) : 0x8bd7f000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS "
    .\debug.cpp(256) : 0x8bd8d000 0x00009000 "\SystemRoot\System32\DRIVERS\rasacd.sys "
    .\debug.cpp(256) : 0x8bd96000 0x00016000 "\SystemRoot\system32\DRIVERS\tdx.sys "
    .\debug.cpp(256) : 0x8bdac000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys "
    .\debug.cpp(256) : 0x8bdde000 0x00014000 "\SystemRoot\system32\DRIVERS\smb.sys "
    .\debug.cpp(256) : 0x8ce08000 0x00048000 "\SystemRoot\system32\drivers\afd.sys "
    .\debug.cpp(256) : 0x8ce50000 0x00016000 "\SystemRoot\system32\DRIVERS\pacer.sys "
    .\debug.cpp(256) : 0x8ce66000 0x00005000 "\SystemRoot\system32\DRIVERS\jswpslwf.sys "
    .\debug.cpp(256) : 0x8ce6b000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys "
    .\debug.cpp(256) : 0x8ce79000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys "
    .\debug.cpp(256) : 0x8ce8c000 0x0003c000 "\SystemRoot\system32\DRIVERS\rdbss.sys "
    .\debug.cpp(256) : 0x8cec8000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys "
    .\debug.cpp(256) : 0x8ced2000 0x00017000 "\SystemRoot\System32\Drivers\dfsc.sys "
    .\debug.cpp(256) : 0x8cee9000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys "
    .\debug.cpp(256) : 0x8cef6000 0x000ce000 "\SystemRoot\System32\Drivers\dump_iaStor.sys "
    .\debug.cpp(256) : 0x8cfc4000 0x00015000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS "
    .\debug.cpp(256) : 0x8cfd9000 0x00014000 "\SystemRoot\system32\drivers\RTSTOR.SYS "
    .\debug.cpp(256) : 0x8cfed000 0x00009000 "\SystemRoot\system32\DRIVERS\hidusb.sys "
    .\debug.cpp(256) : 0x881f0000 0x00010000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS "
    .\debug.cpp(256) : 0x8cff6000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS "
    .\debug.cpp(256) : 0x8bdf2000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbprint.sys "
    .\debug.cpp(256) : 0x8ce00000 0x00008000 "\SystemRoot\system32\DRIVERS\mouhid.sys "
    .\debug.cpp(256) : 0x958b0000 0x00204000 "\SystemRoot\System32\win32k.sys "
    .\debug.cpp(256) : 0x87f2d000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys "
    .\debug.cpp(256) : 0x87f37000 0x0000f000 "\SystemRoot\system32\DRIVERS\monitor.sys "
    .\debug.cpp(256) : 0x95ad0000 0x00009000 "\SystemRoot\System32\TSDDD.dll "
    .\debug.cpp(256) : 0x95af0000 0x0000e000 "\SystemRoot\System32\cdd.dll "
    .\debug.cpp(256) : 0x87f46000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys "
    .\debug.cpp(256) : 0x87f61000 0x00028000 "\SystemRoot\System32\Drivers\fastfat.SYS "
    .\debug.cpp(256) : 0xab40b000 0x000b0000 "\SystemRoot\system32\drivers\spsys.sys "
    .\debug.cpp(256) : 0xab4bb000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys "
    .\debug.cpp(256) : 0xab4cb000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys "
    .\debug.cpp(256) : 0xab4de000 0x0006d000 "\SystemRoot\system32\drivers\HTTP.sys "
    .\debug.cpp(256) : 0xab54b000 0x0001d000 "\SystemRoot\System32\DRIVERS\srvnet.sys "
    .\debug.cpp(256) : 0xab568000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys "
    .\debug.cpp(256) : 0xab581000 0x00015000 "\SystemRoot\System32\drivers\mpsdrv.sys "
    .\debug.cpp(256) : 0xab596000 0x00021000 "\SystemRoot\system32\drivers\mrxdav.sys "
    .\debug.cpp(256) : 0xab5b7000 0x0001f000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys "
    .\debug.cpp(256) : 0x87f89000 0x00039000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys "
    .\debug.cpp(256) : 0xab5d6000 0x00018000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys "
    .\debug.cpp(256) : 0x87fc2000 0x00028000 "\SystemRoot\System32\DRIVERS\srv2.sys "
    .\debug.cpp(256) : 0xabc0e000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv.sys "
    .\debug.cpp(256) : 0xabc5d000 0x00012000 "\SystemRoot\system32\DRIVERS\ipfltdrv.sys "
    .\debug.cpp(256) : 0xabc6f000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys "
    .\debug.cpp(256) : 0xabc73000 0x000de000 "\SystemRoot\system32\drivers\peauth.sys "
    .\debug.cpp(256) : 0xabd51000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS "
    .\debug.cpp(256) : 0xabd5b000 0x0000c000 "\SystemRoot\System32\drivers\tcpipreg.sys "
    .\debug.cpp(256) : 0xabd8e000 0x00008000 "\SystemRoot\system32\DRIVERS\xaudio.sys "
    .\debug.cpp(256) : 0xabd96000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys "
    .\debug.cpp(256) : 0xabdac000 0x00002000 "\??\C:\Windows\system32\Drivers\PROCEXP113.SYS "
    .\debug.cpp(256) : 0xabdae000 0x00008000 "\??\C:\Users\JOYDYM~1\AppData\Local\Temp\catchme.sys "
    .\debug.cpp(256) : 0xabdbd000 0x0000a000 "\SystemRoot\system32\DRIVERS\MpNWMon.sys "
    .\debug.cpp(256) : 0xabdc7000 0x0000c000 "\SystemRoot\system32\DRIVERS\NisDrvWFP.sys "
    .\debug.cpp(256) : 0xabde5000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys "
    .\debug.cpp(256) : 0xabdee000 0x00006000 "\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3A1CED0A-0876-472B-85E4-5FC95B375813}\MpKsl6b5f58bf.sys "
    .\debug.cpp(256) : 0x76fe0000 0x00128000 "\Windows\System32\ntdll.dll "
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_1179FF66&REV_1000#4&1a28025e&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\00000062 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{27e8d218-2b7f-11de-be0d-806e6f6e6963} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS "
    .\debug.cpp(400) : Destination "\Device\Ndis "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D: "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NisDrv "
    .\debug.cpp(400) : Destination "\Device\NisDrv "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0924&PID_3CE9#RBM845813.......#{a5dcbf10-6530-11d2-901f-00c04fb951ed} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-11 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1 "
    .\debug.cpp(400) : Destination "\Device\Video0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&376c961d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000037 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000038 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000035 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2 "
    .\debug.cpp(400) : Destination "\Device\Video1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e} "
    .\debug.cpp(400) : Destination "\Device\0000003d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0AC45E08-2D40-443D-AAF9-848350A5289B} "
    .\debug.cpp(400) : Destination "\Device\NDMP4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3 "
    .\debug.cpp(400) : Destination "\Device\Video2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&289a75b2&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000036 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4 "
    .\debug.cpp(400) : Destination "\Device\Video3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E3FE0F52-6729-43AC-8488-5AC1FB2AE7A9} "
    .\debug.cpp(400) : Destination "\Device\NDMP9 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tos_sps32 "
    .\debug.cpp(400) : Destination "\Device\tos_sps32 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice "
    .\debug.cpp(400) : Destination "\Device\WMIAdminDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0 "
    .\debug.cpp(400) : Destination "\Device\Tun0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5 "
    .\debug.cpp(400) : Destination "\Device\Video4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6EA11ADB-6FEB-425D-A3CB-3CB73F334E62} "
    .\debug.cpp(400) : Destination "\Device\NDMP5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl "
    .\debug.cpp(400) : Destination "\Device\VolMgrControl "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_1179FF66&REV_1000#4&1a28025e&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f} "
    .\debug.cpp(400) : Destination "\Device\00000062 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ880AS________________1.50____#4&939d6c5&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1df46ccc&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000003d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293A&SUBSYS_FF661179&REV_03#3&21436425&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a} "
    .\debug.cpp(400) : Destination "\Device\0000004b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature3BDF9ABAOffset22D5900000Length26DA00000#{7f108a28-9833-4b3b-b780-2c6b5fa5c062} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery "
    .\debug.cpp(400) : Destination "\Device\CompositeBattery "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice "
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ880AS________________1.50____#4&939d6c5&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SpDevice "
    .\debug.cpp(400) : Destination "\Device\SpDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{ca00db36-2b7f-11de-b28b-806e6f6e6963} "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature3BDF9ABAOffset100000Length5DC00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\XAudio "
    .\debug.cpp(400) : Destination "\Device\XAudio "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth "
    .\debug.cpp(400) : Destination "\Device\PEAuth "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE "
    .\debug.cpp(400) : Destination "\Device\NamedPipe "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature3BDF9ABAOffset5DD00000Length2277C00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8 "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy8 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3 "
    .\debug.cpp(400) : Destination "\Device\Winachsf0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0} "
    .\debug.cpp(400) : Destination "\Device\00000045 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2935&SUBSYS_FF661179&REV_03#3&21436425&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC "
    .\debug.cpp(400) : Destination "\Device\Mup "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched "
    .\debug.cpp(400) : Destination "\Device\Psched "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3363b53f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000003d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SmartDefragDevice "
    .\debug.cpp(400) : Destination "\Device\SmartDefragDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000048 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg "
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp "
    .\debug.cpp(400) : Destination "\Device\Tcp "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_FF661179&REV_03#3&21436425&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tvaldx "
    .\debug.cpp(400) : Destination "\Device\TVALZ "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\0000004d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPFILTERDRIVER "
    .\debug.cpp(400) : Destination "\Device\IPFILTERDRIVER "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&7989e7a&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000055 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD "
    .\debug.cpp(400) : Destination "\Device\0000006b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8B085B79-8D8D-489E-8BFE-08BCA6601261} "
    .\debug.cpp(400) : Destination "\Device\NDMP1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0 "
    .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer "
    .\debug.cpp(400) : Destination "\Device\ConexantDiagnosticsServer "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN "
    .\debug.cpp(400) : Destination "\DosDevices\LPT1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000003d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000003d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2938&SUBSYS_FF661179&REV_03#3&21436425&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0 "
    .\debug.cpp(400) : Destination "\Device\CdRom0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f} "
    .\debug.cpp(400) : Destination "\Device\00000040 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap "
    .\debug.cpp(400) : Destination "\Device\FsWrap "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000003d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&WpdBusEnumRoot#{65a9a6cf-64cd-480b-843e-32c86e1ba19f} "
    .\debug.cpp(400) : Destination "\Device\0000006d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_1179FF66&REV_1000#4&1a28025e&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000} "
    .\debug.cpp(400) : Destination "\Device\00000062 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000039 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\00000041 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\JSWPSLWF "
    .\debug.cpp(400) : Destination "\Device\JSWPSLWF "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global "
    .\debug.cpp(400) : Destination "\GLOBAL?? "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000035 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\00000005 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tvalz "
    .\debug.cpp(400) : Destination "\Device\TVALZ "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG: "
    .\debug.cpp(400) : Destination "\clfs "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\0000003a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPL017D#4&368f15a&0&UID67568640#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7} "
    .\debug.cpp(400) : Destination "\Device\0000006b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{71D7C445-F328-4585-A4E7-BD5B4DDAB5E4} "
    .\debug.cpp(400) : Destination "\Device\NDMP11 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv "
    .\debug.cpp(400) : Destination "\Device\Secdrv "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0BDA&PID_0158#20071114173400000#{a5dcbf10-6530-11d2-901f-00c04fb951ed} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-9 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD7 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2937&SUBSYS_FF661179&REV_03#3&21436425&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000047 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_1179FF66&REV_1000#4&1a28025e&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e} "
    .\debug.cpp(400) : Destination "\Device\00000062 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&6f0d718&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0 "
    .\debug.cpp(400) : Destination "\Device\HSF_MDMDevice0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293C&SUBSYS_FF661179&REV_03#3&21436425&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\catchme "
    .\debug.cpp(400) : Destination "\Device\catchme "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000038 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C05F#6&2ec8cb17&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000069 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\0000003a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{338F7AB3-5400-42C1-BFF4-B492AA57832F} "
    .\debug.cpp(400) : Destination "\Device\NDMP2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager "
    .\debug.cpp(400) : Destination "\Device\MountPointManager "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HTS543216L9SA00_________________FB2OC43C#4&939d6c5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000034 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1913#4&7989e7a&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000056 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0924&PID_3CE9#RBM845813.......#{28d78fad-5a12-11d1-ae5b-0000f803a8c2} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-11 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO Soft Data Fax Modem with SmartCP "
    .\debug.cpp(400) : Destination "\Device\00000063 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000036 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi "
    .\debug.cpp(400) : Destination "\Device\Nsi "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{541EFF09-BA28-42D1-A0BB-9342062D7CAE} "
    .\debug.cpp(400) : Destination "\Device\NDMP12 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp "
    .\debug.cpp(400) : Destination "\Device\WANARP "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A42&SUBSYS_FF671179&REV_07#3&21436425&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C05F#5&3b8cf8a8&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-10 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&146364ce&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl "
    .\debug.cpp(400) : Destination "\Device\PartmgrControl "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice "
    .\debug.cpp(400) : Destination "\Device\NXTIPSEC "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPL017D#4&368f15a&0&UID67568640#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8} "
    .\debug.cpp(400) : Destination "\Device\0000006b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{54950694-33A2-408C-9E06-ABBEB791E26F} "
    .\debug.cpp(400) : Destination "\Device\NDMP10 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000034 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\0000003d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev "
    .\debug.cpp(400) : Destination "\Device\WFP "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP "
    .\debug.cpp(400) : Destination "\Device\NDMP7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC "
    .\debug.cpp(400) : Destination "\Device\ASYNCMAC "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6 "
    .\debug.cpp(400) : Destination "\Device\WANARPV6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0: "
    .\debug.cpp(400) : Destination "\Device\Ide\iaStor0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6E0ADAF9-F430-40C8-9FBC-352257C4D2FA} "
    .\debug.cpp(400) : Destination "\Device\NDMP3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f} "
    .\debug.cpp(400) : Destination "\Device\0000006c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpKsl6b5f58bf "
    .\debug.cpp(400) : Destination "\Device\MpKsl6b5f58bf "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000039 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_001C&SUBSYS_7128144F&REV_01#4&c8c337f&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8136&SUBSYS_FF661179&REV_02#4&30b2ce1&0&00E0#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\iS3Filter "
    .\debug.cpp(400) : Destination "\FileSystem\Filters\iS3Filter "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F10000&REV_1000#4&1a28025e&0&0102#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4} "
    .\debug.cpp(400) : Destination "\Device\00000063 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&310a2809&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000003d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_001C&SUBSYS_7128144F&REV_01#4&c8c337f&0&00E1#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tdcmdpst "
    .\debug.cpp(400) : Destination "\Device\tdcmdpst "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan "
    .\debug.cpp(400) : Destination "\Device\NdisWan "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd "
    .\debug.cpp(400) : Destination "\Device\AscKmd "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1: "
    .\debug.cpp(400) : Destination "\Device\RaidPort0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0 "
    .\debug.cpp(400) : Destination "\Device\MICH_AZ0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH "
    .\debug.cpp(400) : Destination "\Device\NDMP6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MSProcess "
    .\debug.cpp(400) : Destination "\Device\MSProcess "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice "
    .\debug.cpp(400) : Destination "\Device\MPS "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tvald "
    .\debug.cpp(400) : Destination "\Device\TVALZ "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr "
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_1179FF66&REV_1000#4&1a28025e&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\00000062 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1c601f8b&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2936&SUBSYS_FF661179&REV_03#3&21436425&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IecFwExt "
    .\debug.cpp(400) : Destination "\Device\IecFwExt "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl "
    .\debug.cpp(400) : Destination "\Device\VolMgrControl "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C: "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{27e8d219-2b7f-11de-be0d-806e6f6e6963} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A42&SUBSYS_FF671179&REV_07#3&21436425&0&10#{1ca05180-a699-450a-9a0c-de4fbe3ddd89} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT "
    .\debug.cpp(400) : Destination "\Device\MailSlot "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX "
    .\debug.cpp(400) : Destination "\DosDevices\COM1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_1179FF66&REV_1000#4&1a28025e&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\00000062 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6 "
    .\debug.cpp(400) : Destination "\Device\NDMP8 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT "
    .\debug.cpp(400) : Destination " "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C05F#6&2ec8cb17&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030} "
    .\debug.cpp(400) : Destination "\Device\00000069 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv "
    .\debug.cpp(400) : Destination "\Device\SstpDrv "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000003c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL "
    .\debug.cpp(400) : Destination "\Device\Null "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8136&SUBSYS_FF661179&REV_02#4&30b2ce1&0&00E0#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tvalg "
    .\debug.cpp(400) : Destination "\Device\TVALZ "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP "
    .\debug.cpp(400) : Destination "\Device\SynTP "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle "
    .\debug.cpp(400) : Destination "\Device\WfpAle "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000003b "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F10000&REV_1000#4&1a28025e&0&0102#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42} "
    .\debug.cpp(400) : Destination "\Device\00000063 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000037 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PROCEXP113 "
    .\debug.cpp(400) : Destination "\Device\PROCEXP113 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2939&SUBSYS_FF661179&REV_03#3&21436425&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000049 "
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
    .\boot_cleaner.cpp(1060) :
    .\boot_cleaner.cpp(1061) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1062) : --------------------------------------------
    .\boot_cleaner.cpp(1106) : 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1112) :
    .\boot_cleaner.cpp(1151) : Done;
     
    mindplayer45,
    #40
Page 2 of 4

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...