Win32/Nuqel.E and Bankerfox.A

Page 2 of 2 Previous  1, 2

View previous topic View next topic Go down

Win32/Nuqel.E and Bankerfox.A

Post by ipaultexas on Tue 20 Jul 2010, 3:50 pm

First topic message reminder :

I have both of the viruses listed above on my laptop. I cant do anything with my computer without pop ups saying i have infected files pop up to the point where I can not execute and file . The only thing that seems to be unaffected is mozilla firefox. .I can not run any spyware or removal programs or access my control panel. I also have internet explorer popping up with ad sites.

ipaultexas

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-07-20
Operating System : Windows Xp

View user profile

Back to top Go down


Re: Win32/Nuqel.E and Bankerfox.A

Post by ipaultexas on Tue 27 Jul 2010, 4:44 am

Bootkit Remover
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

CreateFile() ERROR 2
ERROR: Can't open physical disk device.

Done;
Press any key to quit...

ipaultexas

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-07-20
Operating System : Windows Xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by ipaultexas on Tue 27 Jul 2010, 4:48 am

.\debug.cpp(238) : Debug log started at 26.07.2010 - 17:43:49
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : [You must be registered and logged in to see this link.]
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020d000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e4000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf8972000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf8882000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf8343000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xf8974000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xf8332000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf8472000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf8482000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xf8492000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xf8886000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xf888a000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xf8a3a000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xf86f2000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf8314000 0x0001e000 "pcmcia.sys"
.\debug.cpp(256) : 0xf84a2000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf82f5000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf8976000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xf82cf000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xf86fa000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf888e000 0x00003000 "ACPIEC.sys"
.\debug.cpp(256) : 0xf8a3b000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS"
.\debug.cpp(256) : 0xf84b2000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xf82b7000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xf81e1000 0x000d6000 "iaStor.sys"
.\debug.cpp(256) : 0xf84c2000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf84d2000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf81c1000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xf81af000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xf8198000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xf810b000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xf80de000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xf80c4000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xf8572000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xf7acc000 0x0011e000 "\SystemRoot\system32\DRIVERS\ialmnt5.sys"
.\debug.cpp(256) : 0xf7ab8000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xf7a90000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xf78ef000 0x001a1000 "\SystemRoot\system32\DRIVERS\NETw3x32.sys"
.\debug.cpp(256) : 0xf8802000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xf78cb000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xf880a000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xf8562000 0x0000c000 "\SystemRoot\system32\DRIVERS\bcm4sbxp.sys"
.\debug.cpp(256) : 0xf78b7000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xf8582000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xf8812000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xf881a000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xf8592000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xf85a2000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xf85b2000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xf7894000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xf8822000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xf8034000 0x00003000 "\SystemRoot\system32\DRIVERS\cpqbttn.sys"
.\debug.cpp(256) : 0xf7c7a000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xf882a000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xf8030000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xf802c000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xf7876000 0x0001e000 "\SystemRoot\system32\DRIVERS\dne2000.sys"
.\debug.cpp(256) : 0xf7c6a000 0x0000a000 "\SystemRoot\system32\DRIVERS\dsNcAdpt.sys"
.\debug.cpp(256) : 0xf89f2000 0x00002000 "\SystemRoot\system32\DRIVERS\serscan.sys"
.\debug.cpp(256) : 0xf8baf000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xf89f4000 0x00002000 "\SystemRoot\System32\Drivers\RootMdm.sys"
.\debug.cpp(256) : 0xf8832000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xf7c5a000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xf8024000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xf785f000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xf7c4a000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xf7c3a000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xf883a000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xf784e000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xf85d2000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xf87d2000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xf87da000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xf7245000 0x0000a000 "\SystemRoot\system32\DRIVERS\net6im51.sys"
.\debug.cpp(256) : 0xf87e2000 0x00007000 "\SystemRoot\system32\DRIVERS\RimSerial.sys"
.\debug.cpp(256) : 0xf87ea000 0x00005000 "\SystemRoot\system32\DRIVERS\swivspnt.sys"
.\debug.cpp(256) : 0xf371e000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xf7235000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xf897c000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xf3698000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xf6684000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xf6680000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0xf7225000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xa9225000 0x0002f000 "\SystemRoot\system32\drivers\ADIHdAud.sys"
.\debug.cpp(256) : 0xa9201000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xf46f4000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xa91db000 0x00026000 "\SystemRoot\system32\drivers\AEAudio.sys"
.\debug.cpp(256) : 0xa90c9000 0x00112000 "\SystemRoot\system32\DRIVERS\AGRSM.sys"
.\debug.cpp(256) : 0xf89b0000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xa5cdb000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xa4c60000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xa5c2f000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xa4c5e000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xf686f000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xa4c5c000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xa4c5a000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xf6867000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xf685f000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xa5d39000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xa4b82000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xa4b29000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xf4802000 0x00005000 "\SystemRoot\System32\Drivers\tcpipBM.SYS"
.\debug.cpp(256) : 0xa4b03000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xa4adb000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xa5d25000 0x00003000 "\SystemRoot\System32\drivers\ws2ifsl.sys"
.\debug.cpp(256) : 0xa4ab9000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xa5ccb000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xa4c58000 0x00002000 "\SystemRoot\system32\DRIVERS\eabfiltr.sys"
.\debug.cpp(256) : 0xa4a8e000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xa4a1e000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xa5cbb000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xa49be000 0x00060000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys"
.\debug.cpp(256) : 0xa5c5b000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xa48e8000 0x000d6000 "\SystemRoot\System32\Drivers\dump_iaStor.sys"
.\debug.cpp(256) : 0xbf800000 0x001c4000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xa5208000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xa5704000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf9c4000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xf8ad5000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xf46b4000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xbf9e5000 0x00022000 "\SystemRoot\System32\ialmdnt5.dll"
.\debug.cpp(256) : 0xbf9d6000 0x0000f000 "\SystemRoot\System32\ialmrnt5.dll"
.\debug.cpp(256) : 0xbfa07000 0x0003b000 "\SystemRoot\System32\ialmdev5.DLL"
.\debug.cpp(256) : 0xbfa42000 0x000f0000 "\SystemRoot\System32\ialmdd5.DLL"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xf4601000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xa4790000 0x00090000 "\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys"
.\debug.cpp(256) : 0xa46c1000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xa4660000 0x00011000 "\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS"
.\debug.cpp(256) : 0xa4537000 0x00011000 "\??\C:\Program Files\Symantec\SYMEVENT.SYS"
.\debug.cpp(256) : 0xf8ad1000 0x00001000 "\??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys"
.\debug.cpp(256) : 0xa44f9000 0x0003e000 "\??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys"
.\debug.cpp(256) : 0xa43b7000 0x00142000 "\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091129.002\NAVEX15.sys"
.\debug.cpp(256) : 0xa43a3000 0x00014000 "\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091129.002\NAVENG.sys"
.\debug.cpp(256) : 0xa40e6000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xa417b000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xa3746000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xa35b3000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.

ipaultexas

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-07-20
Operating System : Windows Xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by ipaultexas on Tue 27 Jul 2010, 4:49 am

\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0001#{953ad796-1f97-4aac-b0c3-24ea46dfc091}"
.\debug.cpp(400) : Destination="\Device\00000059"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM12"
.\debug.cpp(400) : Destination="\Device\swivspser3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EABFiltr"
.\debug.cpp(400) : Destination="\Device\EABFiltr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L632D_______________HH15____#5&14c67f6c&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&fe74385&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0000#{953ad796-1f97-4aac-b0c3-24ea46dfc091}"
.\debug.cpp(400) : Destination="\Device\00000058"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination="\Device\DmControl\DmIoDaemon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination="\Device\Ip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C30A2&REV_1002#4&599da60&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\000000b7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymEvent"
.\debug.cpp(400) : Destination="\Device\SymEvent"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0002#{ba9afdaa-aa82-45be-be4b-348ba04f1a92}"
.\debug.cpp(400) : Destination="\Device\0000005a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Net6IM"
.\debug.cpp(400) : Destination="\Device\Net6IM"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CVPNDRVA"
.\debug.cpp(400) : Destination="\Device\CVPNDRVA"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{57708EE9-A291-4F90-B078-B8CFCAC38AE2}"
.\debug.cpp(400) : Destination="\Device\{57708EE9-A291-4F90-B078-B8CFCAC38AE2}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination="\Device\IPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0004#{ba9afdaa-aa82-45be-be4b-348ba04f1a92}"
.\debug.cpp(400) : Destination="\Device\0000005c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000006f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A0A2FB12-45B7-4C87-9128-197EF0C0112D}"
.\debug.cpp(400) : Destination="\Device\{A0A2FB12-45B7-4C87-9128-197EF0C0112D}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8D69AA1B-B3C5-44D5-9668-B80FA3C517D0}"
.\debug.cpp(400) : Destination="\Device\{8D69AA1B-B3C5-44D5-9668-B80FA3C517D0}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FA648130-05A9-45C6-8F8F-7E4CE5333000}"
.\debug.cpp(400) : Destination="\Device\{FA648130-05A9-45C6-8F8F-7E4CE5333000}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination="\Device\NDProxy"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#5&1e8dc1e5&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination="\Device\0000009a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET6_FILTERMP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000055"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DSNCADP"
.\debug.cpp(400) : Destination="\Device\DSNCADP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#IMAGE#0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination="\Device\0000000c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DNI_DNEMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MODEM#0000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination="\Device\RdpDrDvMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8F6787C5-CDE4-4100-BE0C-1B3D26FFA0FD}"
.\debug.cpp(400) : Destination="\Device\{8F6787C5-CDE4-4100-BE0C-1B3D26FFA0FD}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_30A2103C&REV_01#3&b1bfb68&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0011"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination="\Device\CompositeBattery"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ0_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000075"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CED8A540-52D9-4A0B-A91E-EA9ED77942A6}"
.\debug.cpp(400) : Destination="\Device\{CED8A540-52D9-4A0B-A91E-EA9ED77942A6}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET6_FILTERMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000053"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_803A&SUBSYS_30A2103C&REV_00#4&2ec23395&0&31F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0017"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination="\Device\AgereModem5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVEX15"
.\debug.cpp(400) : Destination="\Device\NAVEX15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination="\Device\PSched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&28738126&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000096"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination="\Device\IPNAT"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Sierra Wireless AirCard HSDPA Modem"
.\debug.cpp(400) : Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination="\Device\GEARAspiWDMDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ1_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\bmksa"
.\debug.cpp(400) : Destination="\Device\bmksa"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET6_FILTERMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000054"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{20c982f3-743b-11db-9c5d-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{524FEB52-47DB-4E3E-BEB8-3115E520F541}"
.\debug.cpp(400) : Destination="\Device\{524FEB52-47DB-4E3E-BEB8-3115E520F541}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C30A2&REV_1002#4&599da60&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\000000b7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Agere Systems HDA Modem"
.\debug.cpp(400) : Destination="\Device\000000b8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination="\Device\VideoPdo0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\swivspser0"
.\debug.cpp(400) : Destination="\Device\swivspser0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv"
.\debug.cpp(400) : Destination="\Device\EraserCtrlDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_30A2103C&REV_01#3&b1bfb68&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C30A2&REV_1002#4&599da60&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination="\Device\000000b7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\swivspser1"
.\debug.cpp(400) : Destination="\Device\swivspser1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM7"
.\debug.cpp(400) : Destination="\??\Root#PORTS#0000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination="\Device\sysaudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_30A2103C&REV_01#3&b1bfb68&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET6_FILTERMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000052"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\swivspser2"
.\debug.cpp(400) : Destination="\Device\swivspser2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM8"
.\debug.cpp(400) : Destination="\??\Root#PORTS#0001#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureC40DC40DOffset7E00LengthDF96EA200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVAP"
.\debug.cpp(400) : Destination="\Device\NAVAP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\swivspser3"
.\debug.cpp(400) : Destination="\Device\swivspser3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM9"
.\debug.cpp(400) : Destination="\Device\swivspser0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ2_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000077"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&28738126&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000096"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#2#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AF723207-CE0C-46F4-BE51-91AD4D3A2A7A}"
.\debug.cpp(400) : Destination="\Device\{AF723207-CE0C-46F4-BE51-91AD4D3A2A7A}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{29318163-FB0C-4245-9E91-E517431E70E6}"
.\debug.cpp(400) : Destination="\Device\{29318163-FB0C-4245-9E91-E517431E70E6}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVENG"
.\debug.cpp(400) : Destination="\Device\NAVENG"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST96812AS_______________________________7.24____#4&240338f0&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IAAStorageDevice-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&21716c3c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MODEM#0001#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia0"
.\debug.cpp(400) : Destination="\Device\Pcmcia0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DE02DE63-9920-4B39-921E-61AC7690252F}"
.\debug.cpp(400) : Destination="\Device\{DE02DE63-9920-4B39-921E-61AC7690252F}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVAPEL"
.\debug.cpp(400) : Destination="\Device\NAVAPEL"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\bmknet"
.\debug.cpp(400) : Destination="\Device\bmknet"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#6&2ed097c1&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3a248226&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{52FB8A8E-33CC-4D85-89A3-C85B5C7C99B1}"
.\debug.cpp(400) : Destination="\Device\{52FB8A8E-33CC-4D85-89A3-C85B5C7C99B1}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_11C1&DEV_3026&SUBSYS_103C30A2&REV_1007#4&599da60&0&0101#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination="\Device\000000b8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C30A2&REV_1002#4&599da60&0&0001#{56907941-3afe-11d4-ae2c-00a0cc242d2c}"
.\debug.cpp(400) : Destination="\Device\000000b7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{20c982f2-743b-11db-9c5d-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{77497CE0-A0E1-4D74-8731-BB129D536D3C}"
.\debug.cpp(400) : Destination="\Device\{77497CE0-A0E1-4D74-8731-BB129D536D3C}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&563a312&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\000000b5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{06736BFF-A0E1-4F40-8542-40230ABE5988}"
.\debug.cpp(400) : Destination="\Device\{06736BFF-A0E1-4F40-8542-40230ABE5988}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A6AA9A40-A968-47B7-A5EE-0011DF405E8B}"
.\debug.cpp(400) : Destination="\Device\{A6AA9A40-A968-47B7-A5EE-0011DF405E8B}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DsdaFilter"
.\debug.cpp(400) : Destination="\Device\DsdaFilter"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A6&SUBSYS_30A2103C&REV_03#3&b1bfb68&0&11#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{673F78BE-2C02-4DA1-89D3-22E4623AE0AB}"
.\debug.cpp(400) : Destination="\Device\{673F78BE-2C02-4DA1-89D3-22E4623AE0AB}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C30A2&REV_1002#4&599da60&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\000000b7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DNI_DNEMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DSNCADPT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000000a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ3_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000078"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CB&SUBSYS_30A2103C&REV_01#3&b1bfb68&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DNI_DNEMP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :

ipaultexas

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-07-20
Operating System : Windows Xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by ipaultexas on Tue 27 Jul 2010, 4:51 am

Destination="\Device\00000053"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_803A&SUBSYS_30A2103C&REV_00#4&2ec23395&0&31F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0017"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination="\Device\AgereModem5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVEX15"
.\debug.cpp(400) : Destination="\Device\NAVEX15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination="\Device\PSched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&28738126&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000096"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination="\Device\IPNAT"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Sierra Wireless AirCard HSDPA Modem"
.\debug.cpp(400) : Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination="\Device\GEARAspiWDMDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ1_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\bmksa"
.\debug.cpp(400) : Destination="\Device\bmksa"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET6_FILTERMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000054"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{20c982f3-743b-11db-9c5d-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{524FEB52-47DB-4E3E-BEB8-3115E520F541}"
.\debug.cpp(400) : Destination="\Device\{524FEB52-47DB-4E3E-BEB8-3115E520F541}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C30A2&REV_1002#4&599da60&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\000000b7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Agere Systems HDA Modem"
.\debug.cpp(400) : Destination="\Device\000000b8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination="\Device\VideoPdo0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\swivspser0"
.\debug.cpp(400) : Destination="\Device\swivspser0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv"
.\debug.cpp(400) : Destination="\Device\EraserCtrlDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_30A2103C&REV_01#3&b1bfb68&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C30A2&REV_1002#4&599da60&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination="\Device\000000b7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\swivspser1"
.\debug.cpp(400) : Destination="\Device\swivspser1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM7"
.\debug.cpp(400) : Destination="\??\Root#PORTS#0000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination="\Device\sysaudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_30A2103C&REV_01#3&b1bfb68&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET6_FILTERMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000052"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\swivspser2"
.\debug.cpp(400) : Destination="\Device\swivspser2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM8"
.\debug.cpp(400) : Destination="\??\Root#PORTS#0001#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureC40DC40DOffset7E00LengthDF96EA200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVAP"
.\debug.cpp(400) : Destination="\Device\NAVAP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\swivspser3"
.\debug.cpp(400) : Destination="\Device\swivspser3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM9"
.\debug.cpp(400) : Destination="\Device\swivspser0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ2_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000077"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&28738126&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000096"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#2#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AF723207-CE0C-46F4-BE51-91AD4D3A2A7A}"
.\debug.cpp(400) : Destination="\Device\{AF723207-CE0C-46F4-BE51-91AD4D3A2A7A}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{29318163-FB0C-4245-9E91-E517431E70E6}"
.\debug.cpp(400) : Destination="\Device\{29318163-FB0C-4245-9E91-E517431E70E6}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVENG"
.\debug.cpp(400) : Destination="\Device\NAVENG"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST96812AS_______________________________7.24____#4&240338f0&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IAAStorageDevice-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&21716c3c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MODEM#0001#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia0"
.\debug.cpp(400) : Destination="\Device\Pcmcia0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DE02DE63-9920-4B39-921E-61AC7690252F}"
.\debug.cpp(400) : Destination="\Device\{DE02DE63-9920-4B39-921E-61AC7690252F}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVAPEL"
.\debug.cpp(400) : Destination="\Device\NAVAPEL"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\bmknet"
.\debug.cpp(400) : Destination="\Device\bmknet"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#6&2ed097c1&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3a248226&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{52FB8A8E-33CC-4D85-89A3-C85B5C7C99B1}"
.\debug.cpp(400) : Destination="\Device\{52FB8A8E-33CC-4D85-89A3-C85B5C7C99B1}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_11C1&DEV_3026&SUBSYS_103C30A2&REV_1007#4&599da60&0&0101#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination="\Device\000000b8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C30A2&REV_1002#4&599da60&0&0001#{56907941-3afe-11d4-ae2c-00a0cc242d2c}"
.\debug.cpp(400) : Destination="\Device\000000b7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{20c982f2-743b-11db-9c5d-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{77497CE0-A0E1-4D74-8731-BB129D536D3C}"
.\debug.cpp(400) : Destination="\Device\{77497CE0-A0E1-4D74-8731-BB129D536D3C}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&563a312&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\000000b5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{06736BFF-A0E1-4F40-8542-40230ABE5988}"
.\debug.cpp(400) : Destination="\Device\{06736BFF-A0E1-4F40-8542-40230ABE5988}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A6AA9A40-A968-47B7-A5EE-0011DF405E8B}"
.\debug.cpp(400) : Destination="\Device\{A6AA9A40-A968-47B7-A5EE-0011DF405E8B}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DsdaFilter"
.\debug.cpp(400) : Destination="\Device\DsdaFilter"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A6&SUBSYS_30A2103C&REV_03#3&b1bfb68&0&11#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{673F78BE-2C02-4DA1-89D3-22E4623AE0AB}"
.\debug.cpp(400) : Destination="\Device\{673F78BE-2C02-4DA1-89D3-22E4623AE0AB}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C30A2&REV_1002#4&599da60&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\000000b7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DNI_DNEMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DSNCADPT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000000a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ3_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000078"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CB&SUBSYS_30A2103C&REV_01#3&b1bfb68&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DNI_DNEMP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :

ipaultexas

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-07-20
Operating System : Windows Xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by ipaultexas on Tue 27 Jul 2010, 4:56 am

Destination="\Device\ParTechInc1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) : Destination="\Device\DmLoader"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&289a596f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\00000067"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination="\Device\ParTechInc2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination="\Device\LanmanRedirector"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination="\Device\FtControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02#4&4878531&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_170C&SUBSYS_30A2103C&REV_02#4&2ec23395&0&70F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0018"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0005#{ba9afdaa-aa82-45be-be4b-348ba04f1a92}"
.\debug.cpp(400) : Destination="\Device\0000005d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col01#3&563a312&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\000000b4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN010D#4&28738126&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000097"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000060"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination="\Device\Ide\iaStor0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AGRSM_xface"
.\debug.cpp(400) : Destination="\Device\AGRSM_xface"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0001#{34699dc2-f125-4490-ae54-e7db91946f9e}"
.\debug.cpp(400) : Destination="\Device\00000059"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Standard Modem"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E7B8305E-179E-47E4-BA6F-7E966CD930AC}"
.\debug.cpp(400) : Destination="\Device\{E7B8305E-179E-47E4-BA6F-7E966CD930AC}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&563a312&0&0001#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\000000b5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000005f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_11C1&DEV_3026&SUBSYS_103C30A2&REV_1007#4&599da60&0&0101#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination="\Device\000000b8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A2&SUBSYS_30A2103C&REV_03#3&b1bfb68&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0000#{34699dc2-f125-4490-ae54-e7db91946f9e}"
.\debug.cpp(400) : Destination="\Device\00000058"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM10"
.\debug.cpp(400) : Destination="\Device\swivspser1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L632D_______________HH15____#5&14c67f6c&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM11"
.\debug.cpp(400) : Destination="\Device\swivspser2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination="\Device\DmControl\DmInfo"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 55 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;

ipaultexas

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-07-20
Operating System : Windows Xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by DragonMaster Jay on Tue 27 Jul 2010, 3:45 pm

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by ipaultexas on Thu 29 Jul 2010, 7:31 pm

i cant get the eset log because the virus came back. should i run rkill again?

ipaultexas

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-07-20
Operating System : Windows Xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by DragonMaster Jay on Fri 30 Jul 2010, 5:50 am

Sure.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by ipaultexas on Fri 30 Jul 2010, 1:33 pm

i did but it dident find anything. it only found the rkill proses

ipaultexas

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-07-20
Operating System : Windows Xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by DragonMaster Jay on Fri 30 Jul 2010, 4:08 pm

Did ESET online scan find anything?


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by ipaultexas on Thu 05 Aug 2010, 2:01 pm

it dident find anything and the virus came back after running this program. sorry on the late reply as i was away for a few days.

ipaultexas

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-07-20
Operating System : Windows Xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by DragonMaster Jay on Fri 06 Aug 2010, 10:03 am

Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by DragonMaster Jay on Wed 11 Aug 2010, 6:23 am

Are you still with us?

Please reply and let us know the progress!


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by ipaultexas on Sun 15 Aug 2010, 1:03 pm

i am back my computers power suplu took a dive bit i have a new one i will download the programs and post the results.

ipaultexas

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-07-20
Operating System : Windows Xp

View user profile

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by DragonMaster Jay on Mon 16 Aug 2010, 7:35 am

ok


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by DragonMaster Jay on Wed 18 Aug 2010, 5:08 pm

Still with us? Please let me know how things are going!


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Win32/Nuqel.E and Bankerfox.A

Post by Sponsored content Today at 8:00 pm


Sponsored content


Back to top Go down

Page 2 of 2 Previous  1, 2

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum