Win32/heur sims 2

By tedus987
Mar 10, 2011
Topic Status:
Not open for further replies.
  1. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Regarding Security Programs: Lack of internet does not prevent you from uninstalling outdated programs:

    Please uninstall the following
    Java(TM) 6 Update 22
    Java(TM) 6 Update 7
    Adobe Reader 7.0 [/b]

    Please update the following as soon as able:
    1. Java(TM)> Java Updates
    2. Adobe Reader> Adobe Reader Update or try
    3. FoxIt Reader: As an alternative PDF Reader HERE.
    This is a much smaller program, without bloat which allows you to do the same as Adobe. When you see the Foxit Reader Install Wizard below:
    make sure you do the following:
    • Uncheck "make Ask my browser default search provider.
    • Uncheck "Set as my homepage."
    • Click on Decline to prevent the Foxit Search Bar, also from,from installing
    • Installation will then continue
    You can then uninstall the Adobe Reader in Add/Remove Programs and delete it's program folder and files in Windows Explorer.
    4. Firefox> Update to latest Firefox v3.6 through Tools> Update (I think it's 3.6.19 -or- update to new Firefox v4.
  2. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    ok, i'll do those tonight, anything else you can suggest while i'm at uni


    OK, I'll do it tonight, the CD's i use to store the programs became magnetised and i couldn't write to them, what's worse it was at 8 PM before i found out.
  3. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    also i noticed something on the Microsoft updates page, I'm going try running a malicious software removal tool after I've ran the TDSS killer, might get lucky with it.

    OK, I'll post the logs when i next have access to the internet.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please observe the following:
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  5. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    OK, didn't get chance to run it anyway, but i did run the TDSS killer, it found nothing, oddly enough, also i tried to remove java and adobe and weirdly enough i got the message,

    when removing from add or remove:- windows installer failed to start, this could be due to safe mode or that the installer isn't properly installed. (yet i was able to use add/remove a week ago. while in safe mode.)
    adobe:- the system admin has set up policies to prevent this installation. (no i haven't, i don't know where that came from.)
    java:- (not a valid system 32 file (Wha???)

    here's the log from the TDSSkiller (i think, had to manually request it from the program, since it stated my PC was clean.)

    2011/03/30 21:10:19.0015 1532 TDSS rootkit removing tool Mar 10 2011 12:26:28
    2011/03/30 21:10:19.0031 1532 ================================================================================
    2011/03/30 21:10:19.0031 1532 SystemInfo:
    2011/03/30 21:10:19.0031 1532
    2011/03/30 21:10:19.0031 1532 OS Version: 5.1.2600 ServicePack: 3.0
    2011/03/30 21:10:19.0031 1532 Product type: Workstation
    2011/03/30 21:10:19.0031 1532 ComputerName: LUKE-143F21AD47
    2011/03/30 21:10:19.0031 1532 UserName: Administrator
    2011/03/30 21:10:19.0031 1532 Windows directory: C:\WINDOWS
    2011/03/30 21:10:19.0031 1532 System windows directory: C:\WINDOWS
    2011/03/30 21:10:19.0031 1532 Processor architecture: Intel x86
    2011/03/30 21:10:19.0031 1532 Number of processors: 2
    2011/03/30 21:10:19.0031 1532 Page size: 0x1000
    2011/03/30 21:10:19.0031 1532 Boot type: Safe boot with network
    2011/03/30 21:10:19.0031 1532 ================================================================================
    2011/03/30 21:10:19.0468 1532 Initialize success
    2011/03/30 21:10:31.0625 1592 ================================================================================
    2011/03/30 21:10:31.0625 1592 Scan started
    2011/03/30 21:10:31.0625 1592 Mode: Manual;
    2011/03/30 21:10:31.0625 1592 ================================================================================
    2011/03/30 21:10:33.0296 1592 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2011/03/30 21:10:33.0375 1592 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/03/30 21:10:33.0625 1592 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/03/30 21:10:33.0687 1592 ActionReplayDS (f35b5d0cc142b87e687fc504baa69d82) C:\WINDOWS\system32\Drivers\ActionReplayDS.sys
    2011/03/30 21:10:33.0953 1592 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/03/30 21:10:34.0015 1592 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/03/30 21:10:34.0125 1592 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    2011/03/30 21:10:34.0390 1592 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/03/30 21:10:34.0453 1592 AsIO (663f2fb92608073824ee3106886120f3) C:\WINDOWS\system32\drivers\AsIO.sys
    2011/03/30 21:10:34.0703 1592 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2011/03/30 21:10:34.0890 1592 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
    2011/03/30 21:10:34.0953 1592 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
    2011/03/30 21:10:35.0125 1592 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
    2011/03/30 21:10:35.0203 1592 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
    2011/03/30 21:10:35.0359 1592 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
    2011/03/30 21:10:35.0437 1592 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/03/30 21:10:35.0531 1592 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/03/30 21:10:35.0656 1592 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/03/30 21:10:35.0812 1592 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/03/30 21:10:35.0921 1592 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/03/30 21:10:36.0093 1592 c65013264 (a4087da0990727dca1ff4ede4940d382) C:\WINDOWS\system32\drivers\c6501.sys
    2011/03/30 21:10:36.0203 1592 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/03/30 21:10:36.0343 1592 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/03/30 21:10:36.0437 1592 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/03/30 21:10:36.0578 1592 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/03/30 21:10:36.0656 1592 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/03/30 21:10:36.0937 1592 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOWS\system32\drivers\cmaudio.sys
    2011/03/30 21:10:37.0125 1592 cmuda3 (809980f0bfcec2d3ddb3dbe8a2bd323b) C:\WINDOWS\system32\drivers\cmudax3.sys
    2011/03/30 21:10:37.0437 1592 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/03/30 21:10:37.0546 1592 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/03/30 21:10:37.0718 1592 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/03/30 21:10:37.0796 1592 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/03/30 21:10:37.0843 1592 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/03/30 21:10:37.0875 1592 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/03/30 21:10:38.0078 1592 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/03/30 21:10:38.0171 1592 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/03/30 21:10:38.0187 1592 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/03/30 21:10:38.0359 1592 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/03/30 21:10:38.0437 1592 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/03/30 21:10:38.0531 1592 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/03/30 21:10:38.0625 1592 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/03/30 21:10:38.0734 1592 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
    2011/03/30 21:10:39.0000 1592 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/03/30 21:10:39.0453 1592 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/03/30 21:10:39.0531 1592 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/03/30 21:10:39.0640 1592 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/03/30 21:10:39.0859 1592 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/03/30 21:10:39.0953 1592 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/03/30 21:10:39.0984 1592 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/03/30 21:10:40.0203 1592 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/03/30 21:10:40.0250 1592 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/03/30 21:10:40.0281 1592 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/03/30 21:10:40.0312 1592 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/03/30 21:10:40.0578 1592 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/03/30 21:10:40.0781 1592 ISWKL (f0dec1fdc2e67aedd8cc00b48eee0d43) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
    2011/03/30 21:10:41.0046 1592 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
    2011/03/30 21:10:41.0125 1592 JRAID (c1632fe31d1824a43dea29725312e3fa) C:\WINDOWS\system32\DRIVERS\jraid.sys
    2011/03/30 21:10:41.0203 1592 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/03/30 21:10:41.0437 1592 kl1 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\kl1.sys
    2011/03/30 21:10:41.0484 1592 KLIF (a11c971434468fa05815eec8228d63fd) C:\WINDOWS\system32\DRIVERS\klif.sys
    2011/03/30 21:10:41.0718 1592 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/03/30 21:10:41.0796 1592 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/03/30 21:10:42.0093 1592 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/03/30 21:10:42.0156 1592 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/03/30 21:10:42.0187 1592 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/03/30 21:10:42.0437 1592 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/03/30 21:10:42.0484 1592 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/03/30 21:10:42.0531 1592 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/03/30 21:10:42.0593 1592 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/03/30 21:10:42.0828 1592 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/03/30 21:10:42.0828 1592 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/03/30 21:10:42.0843 1592 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/03/30 21:10:42.0890 1592 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/03/30 21:10:42.0937 1592 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/03/30 21:10:43.0171 1592 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    2011/03/30 21:10:43.0218 1592 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/03/30 21:10:43.0265 1592 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/03/30 21:10:43.0515 1592 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/03/30 21:10:43.0562 1592 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/03/30 21:10:43.0609 1592 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/03/30 21:10:43.0843 1592 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/03/30 21:10:43.0859 1592 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/03/30 21:10:43.0921 1592 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/03/30 21:10:43.0984 1592 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/03/30 21:10:44.0000 1592 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/03/30 21:10:44.0281 1592 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/03/30 21:10:44.0343 1592 Nokia USB Generic (5abb6b2461c4eb0afdf1bf7f03963d59) C:\WINDOWS\system32\drivers\nmwcdc.sys
    2011/03/30 21:10:44.0359 1592 Nokia USB Modem (353c16d21eec1f11306270040b3713c1) C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2011/03/30 21:10:44.0531 1592 Nokia USB Phone Parent (f5b1200c75b160c81e7e48cc0489aa5e) C:\WINDOWS\system32\drivers\nmwcd.sys
    2011/03/30 21:10:44.0562 1592 Nokia USB Port (353c16d21eec1f11306270040b3713c1) C:\WINDOWS\system32\drivers\nmwcdcj.sys
    2011/03/30 21:10:44.0781 1592 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/03/30 21:10:44.0828 1592 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/03/30 21:10:44.0906 1592 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/03/30 21:10:45.0125 1592 nv (f85e109844787668ce8aab54ef14362a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/03/30 21:10:45.0562 1592 NVENETFD (97724affdd7a5a47c3bc07ccd1b88745) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    2011/03/30 21:10:45.0656 1592 nvnetbus (82c2b3a89b9edfa6287c5aba1a4e6a99) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    2011/03/30 21:10:45.0921 1592 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/03/30 21:10:45.0921 1592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/03/30 21:10:45.0968 1592 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/03/30 21:10:45.0984 1592 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/03/30 21:10:46.0203 1592 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/03/30 21:10:46.0250 1592 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/03/30 21:10:46.0328 1592 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/03/30 21:10:46.0375 1592 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/03/30 21:10:46.0593 1592 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/03/30 21:10:46.0765 1592 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/03/30 21:10:47.0000 1592 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/03/30 21:10:47.0015 1592 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/03/30 21:10:47.0062 1592 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/03/30 21:10:47.0125 1592 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/03/30 21:10:47.0406 1592 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/03/30 21:10:47.0468 1592 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/03/30 21:10:47.0640 1592 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/03/30 21:10:47.0687 1592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/03/30 21:10:47.0734 1592 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/03/30 21:10:47.0750 1592 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/03/30 21:10:47.0812 1592 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/03/30 21:10:48.0000 1592 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/03/30 21:10:48.0046 1592 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/03/30 21:10:48.0140 1592 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/03/30 21:10:48.0187 1592 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/03/30 21:10:48.0359 1592 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/03/30 21:10:48.0421 1592 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/03/30 21:10:48.0500 1592 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/03/30 21:10:48.0718 1592 SNPSTD3 (4ad5df2bbd1ba812d6ea56b58c598f4c) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
    2011/03/30 21:10:48.0796 1592 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/03/30 21:10:48.0812 1592 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/03/30 21:10:49.0046 1592 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/03/30 21:10:49.0109 1592 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/03/30 21:10:49.0156 1592 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/03/30 21:10:49.0390 1592 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/03/30 21:10:49.0515 1592 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/03/30 21:10:49.0625 1592 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/03/30 21:10:49.0859 1592 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/03/30 21:10:49.0890 1592 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/03/30 21:10:49.0921 1592 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/03/30 21:10:50.0156 1592 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/03/30 21:10:50.0218 1592 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/03/30 21:10:50.0468 1592 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/03/30 21:10:50.0515 1592 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/03/30 21:10:50.0578 1592 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/03/30 21:10:50.0828 1592 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/03/30 21:10:50.0828 1592 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/03/30 21:10:50.0875 1592 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/03/30 21:10:50.0937 1592 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/03/30 21:10:50.0968 1592 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/03/30 21:10:51.0203 1592 vsdatant (7f10c6c385a03f40b07d682bfaa07e2f) C:\WINDOWS\system32\vsdatant.sys
    2011/03/30 21:10:51.0515 1592 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/03/30 21:10:51.0609 1592 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    2011/03/30 21:10:51.0875 1592 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/03/30 21:10:52.0187 1592 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/03/30 21:10:52.0234 1592 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/03/30 21:10:52.0265 1592 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/03/30 21:10:52.0468 1592 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/03/30 21:10:52.0546 1592 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
    2011/03/30 21:10:53.0296 1592 ================================================================================
    2011/03/30 21:10:53.0296 1592 Scan finished
    2011/03/30 21:10:53.0296 1592 ================================================================================


    ofcorse looking at the log here, i have an AMD athlon duel core 5200+ processor, not intel...
  6. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    it's odd how it didn't find anything, is it possible that the virus has been removed but it has left damage that may be causing the same simptoms?

    or possible a bad windows update?

    can only open applications that open on boot.
    no access to the internet. (browsers won't start and virus scanners lock up.)
    over time PC comes to a crawl.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Some programs require the Windows Installer to remove> the ones that have used it to install them originally.

    We've been at this for a while. Please give me a status update on the malware related problem now. Do not include the problem with Windows Updates and don't be concerned about the at this time.

    The following are system related, not malware related:
  8. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    that's the thing, it all started with AVG giving me a FP and me swaping it for avast, i have no idea what it might be because all the scanners say i have nothing, but the scans you've asked me to run have said that they removed some form of infection and that it's in the logs, but there's no change on asccess to the internet or the system status...

    the most recent scan i did stated i was clean but it still acts like it dose. i don't know what else to put because there are no apparnt effects other than the one's i have listed.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Okay, I've gone back over all of the logs and your comments and here's what I see:

    1. Problem began when you got the Sims pack, which was followed by AVG Win32/Heur alert:> FP
    2. Three of the Sims 2 you have do not have the trademark. They show like this:
    Instead of all the others like this: The Sims showing the TradeMark. Was the download source or site different?

    3. Please explain what this 'one-time' refers to:
    4. Running in Safe Mode is actually self-imposed, is it not:
    and also
    Have you tried using Internet Explorer? What happens?

    This happens because many processes do not load in Safe Mode:

    5. So you can actually use Safe Mode for Diagnostics:
    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    If a symptom does not reappear when you start in safe mode, you can eliminate the default settings and minimum device drivers as possible causes. If a newly added device or a changed driver is causing problems, you can use safe mode to remove the device or reverse the change.

    Using Safe Mode to determine a basic source of a problem:The choices:
    • Safe Mode:
      [o]Loads the minimum set of device drivers (serial or PS/2 mouse devices, standard keyboards, hard disks, CD-ROM drives, and standard VGA devices)and system services required to start Windows XP/2000/2003.(Event Log, Plug and Play, RPCs and Logical Disk Manager.
      [o] User specific startup programs do not run. This is helpful in determining whether problems are due to specific programs.
    • Safe Mode with Networking: Includes the services and drivers needed for network connectivity.
      [o] Safe mode with networking enables logging on to the network, logon scripts, security, and Group Policy settings.
      [o] Nonessential services and startup programs not related to networking do not run.
      [o]Helpful if needed but should be used with caution as the security programs don't load in this mode.
    • Safe Mode with Command Prompt: Starts the computer in safe mode, but displays the command prompt rather than the Windows GUI interface.
    • Last Known Good Configuration: which starts your computer using the registry information that was saved at the last shutdown.

    So by using the different options of Safe Mode, you can sometimes determine what the area of problem is- and isn't.
    Did you clean the flash drive?
    I'd like to run one particular scan:Bootkit Remover:

    Download bootkitremover.rar and save to your desktop.
    1. Extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. (Use 7-Zip if you don't have an extraction program, )
    2. Double-click on the remover.exe file to run the program.
      NOTE: The tool should be run from a command line with Administrator privileges.
    3. Scanning should be completed quickly
    4. Paste the output in your next reply.
  10. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    1. not exactly, i had the pack for a while, at least 2 months or so. i know this because I installed it before swapping towers. (graphics card was to big for the tower. so if i wanted 2 i had to transfer everything to the new tower, worth the cut on my hand i got moving parts.)

    2. those packs i know are authentic because i had to put the product code in to install, but i did get them from Amazon, but again I ordered them new and from a reputable source that i have used many times before. but I think i will look at the boxes and disks tonight, just to make sure.(i registered the products online after installing - EA stated there authentic)

    3. ah, the one time reference. me and my girlfriend have a wii and we sometimes use code junkies wii game save app to get a game save for when we have a big group of people over. this is so everything is unlocked and there's no restriction of choice. this is the second copy i had, even though i have reinstalled once before I didn't remove the product code from the app so the people at code junkies state the code is in use, on a PC system that no longer exists, after a lenthly take they stated there was nothing they could do to rectify it.

    also, not all my sims 2 apps have been registered online, the one's i bought online have to make sure they where the legal copy, but ones bought from game, gamestation and HMV arn't because i know there legal and the trademarked version. in short i don't want to risk having to buy them again to install them.

    to add on i also have some apps where i need information, as you can see in the logs i have oblivion and dragon age and mod managers for both of them, in my pc's current state i can't open them and thus can't access the data to know what mods I have active and what are broken.

    4. my mistake, what i meant was that when i chose not to boot in safe mode that it can boot normally but it slows down soon after accessing my account.

    again i think i didn't make myself clear, if i try to say run firefox or any application that isn't already open on startup whatever i used to access the app freezes up, for instance if i run a folder window, c:\program files\mozilla\firefox.exe when i double click on the exe file the folder browser i'm using freezes and the application never runs, if i try the start menu the start menu freeze and if i try the shortcut on the desktop the entire desktop becomes none responsive. same for the shortcut on the start menu toolbar.

    this in not restricted to mozilla but every application on the PC, (spybot, malware, word, windows picture viewer.) anything that wasn't opened at the start-up.

    5. i've booted in both safe mode and safemode with networking and both are ok, i used flash drive disinfector but i'll run this new program tonight.

    looking back i remember that i could still boot normally even when AVG was flagging the FP, is it possible that avast could be the cause? could it be damaging my system when it ran a boot scan? because it did state files where corrupted which i found odd.
  11. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    .\debug.cpp(238) : Debug log started at 04.04.2011 - 20:47:01
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
    .\boot_cleaner.cpp(529) :
    .\boot_cleaner.cpp(533) : Program version:
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x804d7000 0x00229000 "\WINDOWS\system32\ntoskrnl.exe"
    .\debug.cpp(256) : 0x80700000 0x00020d00 "\WINDOWS\system32\hal.dll"
    .\debug.cpp(256) : 0xf7987000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
    .\debug.cpp(256) : 0xf7897000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
    .\debug.cpp(256) : 0xf75a8000 0x0002e000 "ACPI.sys"
    .\debug.cpp(256) : 0xf7989000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
    .\debug.cpp(256) : 0xf7597000 0x00011000 "pci.sys"
    .\debug.cpp(256) : 0xf75f7000 0x0000a000 "isapnp.sys"
    .\debug.cpp(256) : 0xf7607000 0x00010000 "ohci1394.sys"
    .\debug.cpp(256) : 0xf7617000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
    .\debug.cpp(256) : 0xf7a4f000 0x00001000 "pciide.sys"
    .\debug.cpp(256) : 0xf7707000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
    .\debug.cpp(256) : 0xf7627000 0x0000b000 "MountMgr.sys"
    .\debug.cpp(256) : 0xf74d8000 0x0001f000 "ftdisk.sys"
    .\debug.cpp(256) : 0xf798b000 0x00002000 "dmload.sys"
    .\debug.cpp(256) : 0xf74b2000 0x00026000 "dmio.sys"
    .\debug.cpp(256) : 0xf770f000 0x00005000 "PartMgr.sys"
    .\debug.cpp(256) : 0xf7637000 0x0000d000 "VolSnap.sys"
    .\debug.cpp(256) : 0xf749a000 0x00018000 "atapi.sys"
    .\debug.cpp(256) : 0xf7647000 0x0000c000 "jraid.sys"
    .\debug.cpp(256) : 0xf7482000 0x00018000 "\WINDOWS\system32\DRIVERS\SCSIPORT.SYS"
    .\debug.cpp(256) : 0xf7657000 0x00009000 "disk.sys"
    .\debug.cpp(256) : 0xf7667000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
    .\debug.cpp(256) : 0xf7867000 0x00020000 "fltmgr.sys"
    .\debug.cpp(256) : 0xf7855000 0x00012000 "sr.sys"
    .\debug.cpp(256) : 0xf7677000 0x0000a000 "PxHelp20.sys"
    .\debug.cpp(256) : 0xf783e000 0x00017000 "KSecDD.sys"
    .\debug.cpp(256) : 0xf7b52000 0x0008d000 "Ntfs.sys"
    .\debug.cpp(256) : 0xf795a000 0x0002d000 "NDIS.sys"
    .\debug.cpp(256) : 0xf7a35000 0x0001a000 "Mup.sys"
    .\debug.cpp(256) : 0xf776f000 0x00007000 "\SystemRoot\system32\DRIVERS\fdc.sys"
    .\debug.cpp(256) : 0xf7507000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
    .\debug.cpp(256) : 0xf778f000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
    .\debug.cpp(256) : 0xf779f000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
    .\debug.cpp(256) : 0xf77af000 0x00005000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
    .\debug.cpp(256) : 0xb8208000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
    .\debug.cpp(256) : 0xf77df000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
    .\debug.cpp(256) : 0xf74f7000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
    .\debug.cpp(256) : 0xf7923000 0x00003000 "\SystemRoot\system32\drivers\iviaspi.sys"
    .\debug.cpp(256) : 0xf7472000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
    .\debug.cpp(256) : 0xf7462000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
    .\debug.cpp(256) : 0xb8195000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
    .\debug.cpp(256) : 0xf799d000 0x00002000 "\SystemRoot\system32\DRIVERS\ASACPI.sys"
    .\debug.cpp(256) : 0xb8165000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
    .\debug.cpp(256) : 0xf7452000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
    .\debug.cpp(256) : 0xf79a3000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
    .\debug.cpp(256) : 0xb8107000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
    .\debug.cpp(256) : 0xf7943000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
    .\debug.cpp(256) : 0xb81b8000 0x00005000 "\SystemRoot\system32\DRIVERS\flpydisk.sys"
    .\debug.cpp(256) : 0xf7432000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
    .\debug.cpp(256) : 0xf79a7000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
    .\debug.cpp(256) : 0xf79ab000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
    .\debug.cpp(256) : 0xf7a5f000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
    .\debug.cpp(256) : 0xf79af000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
    .\debug.cpp(256) : 0xf780f000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
    .\debug.cpp(256) : 0xb7fdc000 0x00014000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
    .\debug.cpp(256) : 0xf7717000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
    .\debug.cpp(256) : 0xf777f000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
    .\debug.cpp(256) : 0xf77f7000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
    .\debug.cpp(256) : 0xf7402000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
    .\debug.cpp(256) : 0xb7fa4000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
    .\debug.cpp(256) : 0xf79bd000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
    .\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
    .\debug.cpp(256) : 0xb80ff000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
    .\debug.cpp(256) : 0xf77ff000 0x00005000 "\SystemRoot\System32\watchdog.sys"
    .\debug.cpp(256) : 0xbd000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
    .\debug.cpp(256) : 0xf7a72000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
    .\debug.cpp(256) : 0xbff50000 0x00003000 "\SystemRoot\System32\framebuf.dll"
    .\debug.cpp(256) : 0xbd012000 0x00047000 "\SystemRoot\System32\ATMFD.DLL"
    .\debug.cpp(256) : 0xb7970000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"
    .\debug.cpp(256) : 0xf77ef000 0x00007000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
    .\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
    .\debug.cpp(400) : Destination "\Device\Ndis"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
    .\debug.cpp(400) : Destination "\Device\Video0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_SH-S223F________________SB00____#5&1d206df0&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP2T0L0-e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&fd510dc&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&11b2e0cb&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000063"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_SH-S223F________________SB00____#5&1d206df0&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP2T0L0-e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
    .\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000041"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskExcelStor_Technology_J9250S_____________GM2OA52A#5&ec4428c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP4T0L0-1b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATKACPI"
    .\debug.cpp(400) : Destination "\Device\ATKACPI"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4cfde7b4-0b3d-11de-ace1-806d6172696f}"
    .\debug.cpp(400) : Destination "\Device\Floppy0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
    .\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST3400620A______________________________3.AAE___#5&341e3395&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
    .\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Kingston&Prod_DT_101_G2&Rev_PMAP#0019E02D40CBBA50C0000009&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000076"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi5:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e2f80c50-4d77-11e0-96ae-f10d5ec753a9}"
    .\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_197B&DEV_2363&SUBSYS_2363197B&REV_03#4&3167b664&0&0058#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
    .\debug.cpp(400) : Destination "\Device\NamedPipe"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
    .\debug.cpp(400) : Destination "\Device\Mup"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_005A&SUBSYS_815A1043&REV_A2#3&2411e6fe&0&10#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0951&Pid_1642#0019E02D40CBBA50C0000009#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi6:"
    .\debug.cpp(400) : Destination "\Device\Scsi\JRAID1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
    .\debug.cpp(400) : Destination "\Device\USBFDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1e67b15b&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
    .\debug.cpp(400) : Destination "\Device\USBFDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IVIaspi0"
    .\debug.cpp(400) : Destination "\Device\IVIaspi0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
    .\debug.cpp(400) : Destination "\DosDevices\LPT1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
    .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
    .\debug.cpp(400) : Destination "\Device\Harddisk1\DR1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"
    .\debug.cpp(400) : Destination "\Device\Harddisk2\DR2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive3"
    .\debug.cpp(400) : Destination "\Device\Harddisk3\DR6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000046"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
    .\debug.cpp(400) : Destination "\GLOBAL??"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4cfde7b5-0b3d-11de-ace1-806d6172696f}"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&20a15d93&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\FloppyPDO0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HDP725050GLA360_________________GM4OA5CA#5&37a55bee&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP5T0L0-26"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature47E947E8Offset7E00Length3A380D0200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&11b2e0cb&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000064"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature33471F66Offset7E0000Length5D267B8200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_005B&SUBSYS_815A1043&REV_A3#3&2411e6fe&0&11#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
    .\debug.cpp(400) : Destination "\Device\MountPointManager"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&35297846&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
    .\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0d8c&Pid_0201#5&36c701f9&0&7#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&11b2e0cb&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000064"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
    .\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
    .\debug.cpp(400) : Destination "\Device\Floppy0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d9452d2d-0b05-11de-98d6-96431c6e08d8}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureF58DF58DOffset7E00Length7470980400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
    .\debug.cpp(400) : Destination "\Device\DmLoader"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
    .\debug.cpp(400) : Destination "\Device\FtControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&fd510dc&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4cfde7b7-0b3d-11de-ace1-806d6172696f}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
    .\debug.cpp(400) : Destination "\Device\MailSlot"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
    .\debug.cpp(400) : Destination "\DosDevices\COM1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000039"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
    .\debug.cpp(400) : Destination "\Device\Null"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination ""
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{50394725-0daf-11de-af2f-806d6172696f}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000038"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_SH-S223F________________SB00____#5&1d206df0&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP2T0L0-e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
    .\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`00007e00
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
    .\boot_cleaner.cpp(1060) :
    .\boot_cleaner.cpp(1061) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1062) : --------------------------------------------
    .\boot_cleaner.cpp(1106) : 232 GB \\.\PhysicalDrive1 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1112) :
    .\boot_cleaner.cpp(1151) : Done;
  12. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    ok, log poster, forgot to look at sims 2 pack, will look tonight
  13. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    OK, looked, sims packs from Amazon are legal and where sent from the store.

    i've had them on my pc for months so i didn't suspect they would be the cause.

    I've ran what i did the day before all this happened and something ran through my head as possible. this is what i did.

    my usual schedual is to start the PC in the morning before uni, run spybot, have it finish then run malware and avg side by side (fully updated.)

    my girlfriend rang me at uni and told me avg pick up something, i accessed the web here and found it to be a FP. (this is the sims 2 win32/heur)

    when i got home i looked at the file and realised it was AVG being *****ic, so i moved it out of the virus vault and added an aception. i restarted my pc and then ran the scan again, even with the exception AVG still insisted it was a FP, i looked on the web more then made an exception for the whole folder and the specific file, restarted then scanned, still AVG picked it up.

    by this point i was sick to death with the amount of crap AVG had thrown at me over the years and had enough, i used Mozilla to access the web and downloaded avast, disconnected from the internet, UN-installed AVg and installed AVAST.everything seamed to go well, until tomorrow morning when i tried to run spy bot and the system locked. (the task bar locked since that's where i tried to run the short cut for spybot like normal.)

    so it could be that either there was a virus set to attack once i removed my virus scanner that two up to date scanners couldn't pick up, or can it be possible that avast is causing all this??? could it be conflicting with something AVG left behind.

    on top of that, sevral people have stated that they are suffering from similar problems.


    "I attempted to install v6 Pro on WinXP SP3 [edit: after using 4.8 for years]. The install went OK, and Avast appeared to work afterward. But after rebooting, the Avast service and many others refused to start, and even the taskbar wouldn't appear. It turns out that something about Avast prevented the RPC service from starting, which then caused most or all or the other problems.

    I tried the troubleshooting/load Avast after other services option, but it made no difference.

    After several reboots, including install/uninstall cycles, I uninstalled V6 and installed V5 [Edited to add: 5.0.545], which works OK. I ran a full scan (and a boot-time scan, too) with a current VPS, but Avast found no viruses."

    "I think i have the same problem as you. After the update the computer would load normally up till it loaded itself then none of my other taskbar items would load then the whole computer would freeze up. Unistalled and computer returned to normal.
    WinXP SP3 and zonealarm"


    i downloaded version 6 from the site and these problems are almost identical to mine. if it truly is AVAST then installing an older version could be the key.

    i'll wait for your response to see if you think i should try this. although i have a strong gut feeling that this could be the answer, mainly because after going back over what happen AVAST is the only anomaly that can be unacounted for.
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Well, my hair stood up on end when I read this: "added an aception."[/b] I took that to mean you added Win32/Heur as thee exception! Or please undo that if it's what you did! Win32/Heur is a very valid infection. And when AVG finds it, it can be an indication of a more serious infection such as the file infector, Virut

    So under no circumstances do you want to exclude it! Unfortunately, AVG puts out some bad updates, first alarming all their users that thy have this and then annoying them because this time it was a FP. But it does not mean that next time would also mean it was a FP!

    I would like to comment on this:
    If you have adequate and good, layered security on the system, you don't need to run Spybot S&D, Mbam and a virus scan every day.

    A good, well configured antivirus program, a good, well configured bi-directional firewall like Comodo or ZoneAlarm and 2 or more antimalware programs like Spywareblaster and Spybot S&D should allow you to use the system with confidence, running only weekly scans. And I wouldn't use Mbam regularly.

    "Assuming" your internet surfing habits have you only going to Safe Sites (Using Site Advisor like WOT), a good popup blocker, blocking third party Cookies and practicing safe email handling of not opening unknown email or attachments should allow you to enjoy the computer without too much paranoia!

    Of course, it goes without saying the you do regular maintenance like delete temporary internet files, error check and defrag and set you own restore points occasionally.

    I'll be back after a lunch break to review the Avast info you left. And I have link for free programs in all the areas I mentioned.
  15. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    i'm currently on my pc... after removing avast and installing it's older 5.0.545 version, everything is back to normal... only problem is i can't register the older product.

    might reinstall AVG to see if they have solved the problem.

    i must thank you though, if it wasn't for all those logs and scans and nothing turning up i would have still been thinking it was a virus. now i know diffrent thanks to you. because of all those logs i started to question my opwn actions when i was angry, thanks.

    currently there are major problems with avast version 6 and XP so if i don't get a licence key for this in about 30 days i'll have to install something else, any suggestions??
  16. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    and now, the registration key for the older version is not working.

    methinks i should switch back to AVG till they sort out version 6, not to sure it's a good idea to have an AV program that won't register.
  17. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    ok, installed AVG.

    avast version 5 was acting funny (would remove from add or remove, had to end the process and manually go in to the program files to deleate it... shoud i worry, i got it from here.
  18. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    gonna run some scans tomorow, if everything looks ok, then it's been cured. i can't half thank you enouth for the ammount of time you've helped me on this, i'm sorry that it was my own anger at AVG that started it. but thanks, without all those scans, i would have still thought it a virus. thankyou. i'll give you the heads up on tomorows scans, if you want me to do any other scans before i start the system restore again give me a heads up.
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I had previously read in the Avast forum about many going back from v6 to If you can resolve that one, suggest use free and good Avira-AntiVir-Personal-Free-Antivirus

    When the security program upgrade their engines- not updates> such as v5 to v6, I've seen many go downhill. The engine is a major upgrade while an update is usually done for security purposes on the same engine. In my opinion, when AVG upgraded from v7 or v7.5 to v8, they ruined what had been a good AV program. And now they are up to AVG 2011 and still having massive problems. I don't recommend AVG to anyone any more.

    But basic security should be layered: one AV, one Firewall and two or more antimalware programs, combining Real Time security with one that runs in the background such as Spywareblaster.
    Are you able to boot into Normal Mode now?
    Can you use Firefox to surf? If not, what happens? Did you try Internet Explorer.
    Leaving you only in Safe Mode is not the way to finish> if you slow down drastically in either browser, try removing the addons through Tools. You can then put them back on one at a time until you determine if one of them is causing the slowdowns. By the number, I don't see an excess, but one ot more could be resource intensive.
    You need to run an online virus scan> either of the following:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, the do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Run Kaspersky Online Scanner in Internet Explorer
    • Click Accept and the web scanner will begin to load
    • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
    • You will be prompted to install an ActiveX component from Kaspersky, click Install
    • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT and then Scan Settings
    • In the scan settings make that the following are selected:
      [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
      [o] Scan Options: Scan Archives> Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      [o] Select My Computer
    • The program will start to scan your system.
    • Once the scan is complete, click on the Save as Text button and save the file to your desktop
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
    Then please run this Security Check

    Download Security Check by screen317 from HERE or HERE .
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    I'll have you remove all of the cleaning tools and logs when we're through.
  20. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    ok, i'll do that once i'm home, my grilfriend rang me up and said AVG found a currupted file, i'll post the file name and logs once i get home and run the online scans (it's good to get my PC back.) on the plus side, i also just aced a resit with 100% so my scoure could mostlikly be 90% for the 10% penalty.
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Consider replacing AVG.
  22. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    with, can't use avast, anything else?
  23. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    corrupted file was a system restore that avast made when it was installed.

    here's the up to date malware bytes log

    Malwarebytes' Anti-Malware

    Database version: 6297

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    07/04/2011 15:44:30
    mbam-log-2011-04-07 (15-44-30).txt

    Scan type: Full scan (C:\|E:\|G:\|)
    Objects scanned: 439194
    Time elapsed: 4 hour(s), 16 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    eset scan

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=
    # OnlineScanner.ocx=
    # api_version=3.0.2
    # EOSSerial=1881e47de419ae47a4b8d9db00e7b121
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-04-07 11:49:58
    # local_time=2011-04-08 12:49:58 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=768 16777215 100 0 0 0 0 0
    # compatibility_mode=1032 16777189 100 95 12282 45500926 0 0
    # compatibility_mode=8192 67108863 100 0 182 182 0 0
    # compatibility_mode=9217 16776893 100 77 2258526 19161812 0 0
    # scanned=264591
    # found=0
    # cleaned=0
    # scan_time=9665


    ok, that's 2 running the other two now, (not at the same time)
  24. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    ok, my connections crap so i can't run the kasperskie online scan since it takes to long to update. i know this to be my connection. sorry about that, running security check now.

    what normally happens is that it starts updating the scan but by 50% the licance and connection time out due to my connection. my current speed is
    2.3 mbps and i know i'm a good distace away from the exchange.
  25. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 156

    ok, security check done, here's the log

    Results of screen317's Security Check version 0.99.10
    Windows XP Service Pack 3
    Internet Explorer 8
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    AVG 2011
    ZoneAlarm Extreme Security
    Antivirus up to date!
    Anti-malware/Other Utilities Check:

    MVPS Hosts File
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader X (10.0.1)
    Mozilla Firefox (3.6.16) Firefox Out of Date!
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    Zone Labs ZoneAlarm zlclient.exe
    Zone Labs ZoneAlarm MailFrontier mantispm.exe
    ``````````End of Log````````````

    what's the java update again, i couldn't run it last time.
Topic Status:
Not open for further replies.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...

Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.