
Inactive Windows Vista Machine Problem

Discussion in 'Malware and Virus Removal Archive' started by Satdeep, 2010/12/10.

  1. 2010/12/10
    Satdeep

    [Inactive] Windows Vista Machine Problem

    I have a Sony Vaio running Windows Vista with SP1. My problems are underneath. They started after I opened a photograph which my friend sent to me through MSN Messenger. I am assuming this because my problems came up after I rebooted the machine, having opened that photograph.

    1. The machine takes 10-12 minutes to boot completely. This happened after a particular update of Windows was unsuccessful.

    2. Once Vista is loaded, sometimes there is a white screen for a few minutes before the OS loads. Also, there is no Sidebar and I am unable to access the Control Panel.

    3. The computer runs very slow. It takes ages to do anything.

    4. My Vista SP2 has failed to install many times. I am unable to install it and there is always a persistent icon in my taskbar that says I have updates ready for install.

    5. Sometimes an advertising URL pops up as a new tab in the IE window that is currently open.

    I have taken the following actions.

    1. I ran Malwarebytes' Anti-Malware. It found some errors and fixed them.

    2. I ran DDS.

    3. I ran MBR Check.

    4. I tried running GMER countless times but it always crashes. I tried running it in safe mode with and without network. It still crashed while scanning C:\. Finally, I unchecked the Devices and File tab and scanned again. However, I assume this is not enough.

    5. I tried running ComboFix. It runs, takes a backup and then does nothing after saying "However, scan times for badly infected machines may easily double". There are no processes after this and the machine hangs. I have to do a hard reboot.

    6. I also scanned my laptop using AVG antivirus and it found some exes which it claimed were trojans in my pictures, temp and system folder. It claimed that they had been deleted.

    I am posting the logs in subsequent messages.

    I would appreciate any help or input that gets my laptop up and running.
     
  2. 2010/12/10
    Satdeep

    MBRCHECK LOG

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 32-bit
    Base Board Manufacturer: Sony Corporation
    BIOS Manufacturer: Phoenix Technologies LTD
    System Manufacturer: Sony Corporation
    System Product Name: VGN-CR363_B
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 152):
    0x82651000 \SystemRoot\system32\ntkrnlpa.exe
    0x8261E000 \SystemRoot\system32\hal.dll
    0x80604000 \SystemRoot\system32\kdcom.dll
    0x8060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8066C000 \SystemRoot\system32\PSHED.dll
    0x8067D000 \SystemRoot\system32\BOOTVID.dll
    0x80685000 \SystemRoot\system32\CLFS.SYS
    0x806C6000 \SystemRoot\system32\CI.dll
    0x88204000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x88280000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8828D000 \SystemRoot\system32\drivers\acpi.sys
    0x882D3000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x882DC000 \SystemRoot\system32\drivers\msisadrv.sys
    0x882E4000 \SystemRoot\system32\drivers\pci.sys
    0x8830B000 \SystemRoot\System32\drivers\partmgr.sys
    0x8831A000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8831D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x88327000 \SystemRoot\system32\drivers\volmgr.sys
    0x88336000 \SystemRoot\System32\drivers\volmgrx.sys
    0x88380000 \SystemRoot\system32\drivers\intelide.sys
    0x88387000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x88395000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x883C2000 \SystemRoot\System32\drivers\mountmgr.sys
    0x883D2000 \SystemRoot\system32\drivers\atapi.sys
    0x883DA000 \SystemRoot\system32\drivers\ataport.SYS
    0x807A6000 \SystemRoot\system32\drivers\fltmgr.sys
    0x807D8000 \SystemRoot\system32\drivers\fileinfo.sys
    0x807E8000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x88406000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x88477000 \SystemRoot\system32\drivers\ndis.sys
    0x88582000 \SystemRoot\system32\drivers\msrpc.sys
    0x885AD000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88602000 \SystemRoot\System32\drivers\tcpip.sys
    0x886EB000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8880A000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88919000 \SystemRoot\system32\drivers\volsnap.sys
    0x88952000 \SystemRoot\System32\Drivers\spldr.sys
    0x8895A000 \SystemRoot\System32\Drivers\mup.sys
    0x88969000 \SystemRoot\System32\drivers\ecache.sys
    0x88990000 \SystemRoot\system32\drivers\disk.sys
    0x889A1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x889C2000 \SystemRoot\system32\drivers\crcdisk.sys
    0x889EB000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x889F6000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x88706000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x88800000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8D201000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x8D929000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8D9C8000 \SystemRoot\System32\drivers\watchdog.sys
    0x8D9D5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x88715000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8D9E0000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x88753000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x9043B000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x90460000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x90470000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x9047E000 \SystemRoot\system32\drivers\ti21sony.sys
    0x9054B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x9055E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x90569000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x90594000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x90596000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x905A1000 \SystemRoot\system32\DRIVERS\SFEP.sys
    0x905A4000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x905BC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x88765000 \SystemRoot\system32\DRIVERS\storport.sys
    0x905EA000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x887A6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x905F5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x887BD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8D9EF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x887E0000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x885E7000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x90602000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x90612000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x90614000 \SystemRoot\system32\DRIVERS\ks.sys
    0x9063E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x90648000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x90655000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x90689000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x91A08000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x91BB5000 \SystemRoot\system32\drivers\portcls.sys
    0x9069A000 \SystemRoot\system32\drivers\drmk.sys
    0x906BF000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x906FC000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x91C06000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x91CBA000 \SystemRoot\system32\drivers\modem.sys
    0x91CC7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x91CD0000 \SystemRoot\System32\Drivers\Null.SYS
    0x91CD7000 \SystemRoot\System32\Drivers\Beep.SYS
    0x91CE7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x91CEE000 \SystemRoot\System32\drivers\vga.sys
    0x91CFA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x91D1B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x91D23000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x91D2B000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x91D36000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x91D44000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x91D4D000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x91D63000 \SystemRoot\system32\DRIVERS\smb.sys
    0x91D77000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x91DA9000 \SystemRoot\system32\drivers\afd.sys
    0x91BE2000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x92008000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x9201F000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x9202D000 \SystemRoot\System32\Drivers\R5U870FLx86.sys
    0x9203F000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x92052000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x92073000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x920AF000 \SystemRoot\System32\Drivers\R5U870FUx86.sys
    0x920BA000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x920C4000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
    0x920CD000 \SystemRoot\system32\DRIVERS\DMICall.sys
    0x920CE000 \SystemRoot\System32\Drivers\dfsc.sys
    0x920FE000 \SystemRoot\System32\Drivers\tcusb.sys
    0x92119000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x92126000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x92131000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x80C30000 \SystemRoot\System32\win32k.sys
    0x92139000 \SystemRoot\System32\drivers\Dxapi.sys
    0x92143000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x80E50000 \SystemRoot\System32\TSDDD.dll
    0x80E70000 \SystemRoot\System32\cdd.dll
    0x92152000 \SystemRoot\system32\drivers\luafv.sys
    0x92175000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x92185000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9E00E000 \SystemRoot\system32\drivers\spsys.sys
    0x9E0BD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9E0C7000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9E0DA000 \SystemRoot\system32\drivers\HTTP.sys
    0x9E147000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9E164000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9E17D000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9E192000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9E1B2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x921AF000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9E1D1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9FC0E000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9FC36000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9FC9C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9FCA0000 \SystemRoot\system32\drivers\peauth.sys
    0x9FD7E000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9FD88000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9FD94000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x9FDA9000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0x9FDBB000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x9FDC3000 \SystemRoot\system32\drivers\tdtcp.sys
    0x9FDCE000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0xAB600000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xAB633000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x90200000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
    0x775A0000 \Windows\System32\ntdll.dll

    Processes (total 59):
    0 System Idle Process
    4 System
    500 C:\Windows\System32\smss.exe
    568 csrss.exe
    624 C:\Windows\System32\wininit.exe
    636 csrss.exe
    668 C:\Windows\System32\services.exe
    680 C:\Windows\System32\lsass.exe
    688 C:\Windows\System32\lsm.exe
    740 C:\Windows\System32\winlogon.exe
    876 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    976 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\Ati2evxx.exe
    1088 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\svchost.exe
    1180 C:\Windows\System32\svchost.exe
    1312 C:\Windows\System32\audiodg.exe
    1388 C:\Windows\System32\Ati2evxx.exe
    1408 C:\Windows\System32\svchost.exe
    1512 C:\Program Files\Protector Suite QL\upeksvr.exe
    1992 C:\Windows\System32\svchost.exe
    984 C:\Windows\System32\dwm.exe
    1452 C:\Windows\explorer.exe
    1584 C:\Windows\System32\spoolsv.exe
    1764 C:\Windows\System32\svchost.exe
    844 C:\Windows\System32\taskeng.exe
    1228 C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    824 C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    1552 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1028 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    1824 C:\Windows\System32\AstSrv.exe
    1036 C:\Windows\System32\svchost.exe
    2156 C:\Windows\System32\svchost.exe
    2392 C:\Windows\System32\svchost.exe
    2464 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    2648 C:\Program Files\BILSYNCCHAT\bin\tgsrvc.exe
    2712 C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
    2744 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    2776 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    2808 C:\Windows\System32\svchost.exe
    2884 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    2940 C:\Windows\System32\SearchIndexer.exe
    3044 WUDFHost.exe
    3276 C:\Windows\System32\drivers\XAudio.exe
    3340 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    3416 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    3588 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    3756 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    3016 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4088 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3516 C:\Windows\System32\taskeng.exe
    1948 C:\Windows\System32\wbem\unsecapp.exe
    4056 WmiPrvSE.exe
    3840 C:\Windows\System32\wuauclt.exe
    3264 C:\Windows\System32\SearchProtocolHost.exe
    296 taskeng.exe
    1828 C:\Windows\System32\SearchFilterHost.exe
    3412 C:\Users\Owner\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7d400000 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHY2250BH, Rev: 0000000B

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     


  4. 2010/12/10
    Satdeep

    DDS LOG 1


    DDS (Ver_09-06-26.01) - NTFSx86
    Run by Owner at 12:59:09.72 on 10-12-2010
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.91.1033.18.2046.1115 [GMT 5.5:30]

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Protector Suite QL\upeksvr.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Windows\SYSTEM32\astsrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files\BILSYNCCHAT\bin\tgsrvc.exe
    C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Owner\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
    IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {66B73057-9896-5149-AB56-A0A68A4889DD} - c:\program files\lingvosoft\lingvosoft talking dictionary 2007 (english-portuguese) for windows\plugins\IE.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://nxpchat.airtelbroadband.in/sdccommon/download/tgctlcm.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SecurityProviders: credssp.dll, schannel.dll

    ================= FIREFOX ===================

    FF - ProfilePath -
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ============= SERVICES / DRIVERS ===============

    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-28 1153368]
    R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-7 2222376]
    R2 tgsrvc_bilsyncchat;SupportSoft Repair Service (bilsyncchat);c:\program files\bilsyncchat\bin\tgsrvc.exe [2009-1-9 148768]
    R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2007-1-13 125440]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2007-1-13 17920]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-12-21 73472]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-12-21 43904]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-12-21 9344]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-12-21 818688]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-12-21 28464]
    S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2007-1-13 75952]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-1-13 745472]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-1-13 397312]
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-1-13 1089536]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-1-13 292128]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-1-13 79136]
    S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2008-9-1 104320]

    =============== Created Last 30 ================

    2010-12-10 11:11 <DIR> --d----- c:\programdata\WindowsSearch
    2010-12-10 10:42 <DIR> --d----- c:\users\owner\appdata\roaming\AVG10
    2010-12-10 10:40 <DIR> --d-h--- c:\programdata\Common Files
    2010-12-10 10:40 <DIR> --d-h--- c:\progra~2\Common Files
    2010-12-10 10:38 <DIR> --d----- c:\programdata\AVG10
    2010-12-10 10:38 <DIR> --d----- c:\progra~2\AVG10
    2010-12-10 10:27 <DIR> --d----- c:\programdata\MFAData
    2010-12-10 10:27 <DIR> --d----- c:\progra~2\MFAData
    2010-12-10 08:59 <DIR> --ds---- C:\ComboFix
    2010-12-10 01:12 256,512 a------- c:\windows\PEV.exe
    2010-12-10 01:12 161,792 a------- c:\windows\SWREG.exe
    2010-12-10 01:12 98,816 a------- c:\windows\sed.exe
    2010-12-10 01:12 89,088 a------- c:\windows\MBR.exe
    2010-12-09 23:45 318,976 a------- c:\windows\system32\CF15152.exe
    2010-12-07 22:28 <DIR> --d----- c:\users\owner\appdata\roaming\TeamViewer
    2010-12-07 22:09 <DIR> --d----- c:\program files\TeamViewer
    2010-12-03 19:55 0 a------- c:\windows\system32\8104297.jun
    2010-12-03 19:54 <DIR> --d----- c:\program files\Browser Hijack Recover
    2010-11-29 06:55 <DIR> --d----- c:\windows\system32\EventProviders
    2010-11-28 14:42 27,648 a------- c:\windows\system32\drivers\usbser.sys
    2010-11-28 03:53 177,664 a------- c:\windows\system32\mpg2splt.ax
    2010-11-28 03:53 80,896 a------- c:\windows\system32\MSNP.ax
    2010-11-28 03:53 293,376 a------- c:\windows\system32\psisdecd.dll
    2010-11-28 03:53 428,544 a------- c:\windows\system32\EncDec.dll
    2010-11-28 03:53 217,088 a------- c:\windows\system32\psisrndr.ax
    2010-11-28 03:01 <DIR> --d----- c:\windows\CheckSur
    2010-11-23 03:08 1,130,824 a------- c:\windows\system32\dfshim.dll
    2010-11-23 03:08 297,808 a------- c:\windows\system32\mscoree.dll
    2010-11-23 03:08 295,264 a------- c:\windows\system32\PresentationHost.exe
    2010-11-23 03:08 99,176 a------- c:\windows\system32\PresentationHostProxy.dll
    2010-11-23 03:08 49,472 a------- c:\windows\system32\netfxperf.dll
    2010-11-23 03:05 411,136 a------- c:\windows\system32\drivers\http.sys
    2010-11-23 03:05 31,232 a------- c:\windows\system32\httpapi.dll
    2010-11-23 03:05 24,064 a------- c:\windows\system32\nshhttp.dll
    2010-11-23 03:04 231,936 a------- c:\windows\system32\msshsq.dll
    2010-11-20 19:22 123,904 a------- c:\windows\system32\msvfw32.dll
    2010-11-20 19:22 91,136 a------- c:\windows\system32\avifil32.dll
    2010-11-20 19:22 82,944 a------- c:\windows\system32\mciavi32.dll
    2010-11-20 19:22 65,024 a------- c:\windows\system32\avicap32.dll
    2010-11-20 19:22 50,176 a------- c:\windows\system32\iyuv_32.dll
    2010-11-20 19:22 31,744 a------- c:\windows\system32\msvidc32.dll
    2010-11-20 19:22 22,528 a------- c:\windows\system32\msyuv.dll
    2010-11-20 19:22 13,312 a------- c:\windows\system32\msrle32.dll
    2010-11-20 19:22 11,776 a------- c:\windows\system32\tsbyuv.dll
    2010-11-20 19:21 8,147,456 a------- c:\windows\system32\wmploc.DLL
    2010-11-20 19:21 303,616 a------- c:\windows\system32\drivers\srv.sys
    2010-11-20 19:21 145,408 a------- c:\windows\system32\drivers\srv2.sys
    2010-11-20 19:21 125,952 a------- c:\windows\system32\srvsvc.dll
    2010-11-20 19:21 101,888 a------- c:\windows\system32\drivers\srvnet.sys
    2010-11-20 19:21 17,920 a------- c:\windows\system32\netevent.dll
    2010-11-20 19:19 317,952 a------- c:\windows\system32\MP4SDECD.DLL
    2010-11-20 19:10 171,520 a------- c:\windows\system32\wintrust.dll
    2010-11-20 19:09 98,304 a------- c:\windows\system32\cabview.dll
    2010-11-20 18:51 <DIR> --d----- c:\program files\Microsoft Analysis Services

    ==================== Find3M ====================

    2010-12-10 12:48 704,552 a------- c:\windows\system32\PerfStringBackup.TMP
    2010-11-30 11:23 51,200 a------- c:\windows\inf\infpub.dat
    2010-11-30 11:23 143,360 a------- c:\windows\inf\infstrng.dat
    2010-11-30 11:23 86,016 a------- c:\windows\inf\infstor.dat
    2010-11-30 10:36 665,600 a------- c:\windows\inf\drvindex.dat
    2010-11-29 17:42 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-29 17:42 20,952 a------- c:\windows\system32\drivers\mbam.sys
    2010-10-19 10:41 222,080 -------- c:\windows\system32\MpSigStub.exe
    2010-08-10 11:03 47,360 a------- c:\users\owner\appdata\roaming\pcouffin.sys
    2010-05-23 16:38 256 a------- c:\program files\DE.bin
    2010-05-23 16:38 39 a------- c:\program files\ntuser.dat
    2009-01-26 14:35 0 a------- c:\programdata\PKP_DLdy.DAT
    2009-01-26 14:35 0 a------- c:\progra~2\PKP_DLdy.DAT
    2008-11-13 09:38 174 a--sh--- c:\program files\desktop.ini
    2008-09-25 22:46 0 a------- c:\programdata\PKP_DLbz.DAT
    2008-09-25 22:46 0 a------- c:\progra~2\PKP_DLbz.DAT
    2006-11-02 18:12 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 18:12 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 18:12 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 18:12 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2003-09-16 01:19 99,544 a------- c:\windows\inf\virprn.exe
    2003-09-16 01:19 18,950 a------- c:\windows\inf\virpntd.dll
    2003-09-16 01:19 10,240 a------- c:\windows\inf\virport.dll
    2003-09-16 01:19 90,624 a------- c:\windows\inf\prtproc.dll
    1998-12-09 08:23 186,368 a------- c:\program files\common files\IRAREG.DLL
    1998-12-09 08:23 99,840 a------- c:\program files\common files\IRAABOUT.DLL
    1998-12-09 08:23 70,144 a------- c:\program files\common files\IRAMDMTR.DLL
    1998-12-09 08:23 48,640 a------- c:\program files\common files\IRALPTTR.DLL
    1998-12-09 08:23 31,744 a------- c:\program files\common files\IRAWEBTR.DLL
    1998-12-09 08:23 17,920 a------- c:\program files\common files\IRASRIAL.DLL
    2010-12-10 12:59 262,144 a--sh--- c:\windows\serviceprofiles\networkservice\NTUSER.DAT

    ============= FINISH: 12:59:31.67 ===============
     
  5. 2010/12/10
    Satdeep

    DDS LOG 2 (Attach)


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 25-09-2008 18:40:57
    System Uptime: 12-10-2010 12:37:53 (1416 hours ago)

    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | N/A | 2000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 223 GiB total, 44.817 GiB free.
    D: is Removable
    E: is Removable
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================


    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 6.0
    Adobe Premiere Elements 4.0
    Adobe Premiere Elements 4.0 Templates
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Shockwave Player 11.5
    Airtel Virtual Engineer 8
    ArcSoft Magic-i Visual Effects
    ATI Catalyst Install Manager
    Branding
    Browser Hijack Recover(BHR) 3.0
    Camera Control Pro 2
    Canon ScanGear Starter
    CanoScan Toolbox Ver4.9
    Capture NX
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    ChartNexus
    Compatibility Pack for the 2007 Office system
    Definition update for Microsoft Office 2010 (KB982726)
    DivX Web Player
    DxO Optics Pro 5.3.2
    ExifPro 1.0 Photo Viewer
    FlashGet 1.9.6.1073
    FreshUI
    Google Talk Plugin
    Guitar Pro 5.2
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Image Converter 3
    Instant Mode
    Java(TM) 6 Update 11
    LingvoSoft Dictionary 2006 (English<->Portuguese) for Windows
    LingvoSoft Talking Dictionary 2007 English<->Portuguese for Windows
    Malwarebytes' Anti-Malware
    MetaStock 10.0
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2000 Professional
    Microsoft Office 2003 Web Components
    Microsoft Office Project MUI (English) 2010
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word Viewer 2003
    Microsoft Project Professional 2010
    Microsoft Reader
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    mIRC
    Mozilla Firefox (3.0.8)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NEF Codec
    Nero 7 Essentials
    neroxml
    Nokia Connectivity Cable Driver
    OGA Notifier 2.0.0048.0
    ooVoo
    OpenAL
    OpenMG Limited Patch 4.7-07-15-19-01
    OpenMG Secure Module 4.7.00
    Picasa 3
    Picture Control Utility
    PIXresizer 2.0.3
    Protector Suite QL 5.6
    RapidShare Manager
    Real Alternative 1.9.0 Lite
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2010 (KB2289161)
    Setting Utility Series
    Skins
    Skype™ 3.8
    SonicStage 4.3
    SonicStage Mastering Studio
    SonicStage Mastering Studio Audio Filter
    SonicStage Mastering Studio Audio Filter Custom Preset
    SonicStage Mastering Studio Plugins
    Sony Video Shared Library
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    TeamViewer 6
    TOEFL Sample Questions
    TradeTiger
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    VAIO Camera Capture Utility
    VAIO Content Folder Setting
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Manager Setting
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data Basic
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Launcher
    VAIO Manual
    VAIO Media
    VAIO Media 6.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Content Collection 6.0
    VAIO Media Integrated Server 6.2
    VAIO Media Redistribution 6.0
    VAIO Media Registration Tool
    VAIO Media Registration Tool 6.0
    VAIO Movie Story
    VAIO Movie Story Template Data
    VAIO MusicBox
    VAIO MusicBox Sample Music
    VAIO Original Function Setting
    VAIO Power Management
    VAIO Update 3
    VAIO Wallpaper Contents
    VC80CRTRedist - 8.0.50727.762
    VLC media player 0.9.2
    WIDCOMM Bluetooth Software 6.1.0.2200
    Winamp (remove only)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    Wireless Switch Setting Utility
    ZTE CDMA1X MODEM

    ==== End Of File ===========================
     
  6. 2010/12/10
    Satdeep
    Truncated GMER LOG

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-10 13:57:19
    Windows 6.0.6001 Service Pack 1
    Running: sltjiv33.exe; Driver: C:\Users\Owner\AppData\Local\Temp\pxldypow.sys


    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FF88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [740398A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FFB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FEFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FF7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FEEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7402B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73FFBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FF074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FF06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FE71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7407D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74017379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FEE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73FE697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73FE69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FF2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001bfb57dc05 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001e3da2cc8a (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001e3de2fd88 (not active ControlSet)
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb57dc05
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3da2cc8a
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3de2fd88
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001bfb57dc05 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3da2cc8a (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3de2fd88 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
     
  7. 2010/12/10
    Satdeep
    I have also had a thought. Is it possible that the issues I have are due to SP2 not installing properly?

    Either way, I am grateful to anyone who takes the time to go through my issue.
     
  8. 2010/12/10
    Satdeep
    MBAM LOG (I forgot to paste this one.)

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5282

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    10-12-2010 00:15:10
    mbam-log-2010-12-10 (00-15-10).txt

    Scan type: Quick scan
    Objects scanned: 159103
    Time elapsed: 10 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 2
    Files Infected: 40

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BPS Spyware Remover_is1 (BulletProofSoftware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{03371ADD-AA89-4C4D-B877-BF18EBBB620C} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{F59FA288-5B7C-47AC-B74B-86970A882ADC} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{5744C632-83B4-4866-8E38-065029A07AB2} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\BPSCore.Error (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.Palevo) -> Value: Taskman -> Delete on reboot.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Heuristics.Shuriken) -> Bad: (C:\Users\Owner\yeawl.exe) Good: () -> Quarantined and deleted successfully.

    Folders Infected:
    c:\program files\bps remover (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\Patches (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

    Files Infected:
    c:\Users\Owner\yeawl.exe (Heuristics.Shuriken) -> Delete on reboot.
    c:\Windows\System32\md5.dll (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\Owner\AppData\Local\temp\191851.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\program files\bps remover\Francais.jpg (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\Box.bps (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\BPSRem.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\Core.dll (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\DataBase.ini (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\DB.fix (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\DB1.bps (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\DB2.bps (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\DB3.bps (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\DB4.bps (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\DB5.bps (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\English.inf (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\English.jpg (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\Errors.txt (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\Espanol.inf (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\Espanol.jpg (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\EXCLUDEL.DAT (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\exList.dat (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\FixConf.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\Francais.inf (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\guard.bps (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\Help.chm (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\home.bps (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\hosts (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\ignorelst98 (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\ignorelstxp (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\Italiano.inf (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\Italiano.jpg (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\Mask.skn (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\Purchase.bps (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\scan session.txt (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\scanning.bps (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\Splash.spl (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\unins000.dat (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\unins000.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\update.cli (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    c:\program files\bps remover\update.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
     
  9. 2010/12/10
    broni

    broni Moderator Malware Analyst
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. 2010/12/11
    Satdeep
    Hello Broni,

    Thanks a lot for your response.

    I ran the TDSSKiller.exe. It did not report any infection. The log file is pasted underneath.

    2010/12/11 23:31:01.0961 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
    2010/12/11 23:31:01.0961 ================================================================================
    2010/12/11 23:31:01.0961 SystemInfo:
    2010/12/11 23:31:01.0961
    2010/12/11 23:31:01.0961 OS Version: 6.0.6001 ServicePack: 1.0
    2010/12/11 23:31:01.0961 Product type: Workstation
    2010/12/11 23:31:01.0961 ComputerName: SSM
    2010/12/11 23:31:01.0961 UserName: Owner
    2010/12/11 23:31:01.0961 Windows directory: C:\Windows
    2010/12/11 23:31:01.0961 System windows directory: C:\Windows
    2010/12/11 23:31:01.0961 Processor architecture: Intel x86
    2010/12/11 23:31:01.0961 Number of processors: 2
    2010/12/11 23:31:01.0961 Page size: 0x1000
    2010/12/11 23:31:01.0961 Boot type: Normal boot
    2010/12/11 23:31:01.0961 ================================================================================
    2010/12/11 23:31:02.0578 Initialize success
    2010/12/11 23:31:31.0385 ================================================================================
    2010/12/11 23:31:31.0385 Scan started
    2010/12/11 23:31:31.0385 Mode: Manual;
    2010/12/11 23:31:31.0385 ================================================================================
    2010/12/11 23:31:32.0942 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
    2010/12/11 23:31:33.0055 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2010/12/11 23:31:33.0128 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2010/12/11 23:31:33.0191 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2010/12/11 23:31:33.0240 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2010/12/11 23:31:33.0388 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
    2010/12/11 23:31:33.0454 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2010/12/11 23:31:33.0535 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/12/11 23:31:33.0601 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2010/12/11 23:31:33.0651 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2010/12/11 23:31:33.0763 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2010/12/11 23:31:33.0835 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2010/12/11 23:31:33.0898 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2010/12/11 23:31:33.0969 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2010/12/11 23:31:34.0046 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2010/12/11 23:31:34.0165 ArcSoftKsUFilter (97422da56910a24b7ac8d295f5fd9535) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
    2010/12/11 23:31:34.0297 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/12/11 23:31:34.0404 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
    2010/12/11 23:31:34.0504 athr (d5abeb24a3a3138b35f88931fb04e100) C:\Windows\system32\DRIVERS\athr.sys
    2010/12/11 23:31:34.0739 atikmdag (932481db5f321e7bd56d3d7baa1fb3c3) C:\Windows\system32\DRIVERS\atikmdag.sys
    2010/12/11 23:31:34.0936 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2010/12/11 23:31:35.0135 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2010/12/11 23:31:35.0192 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2010/12/11 23:31:35.0243 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2010/12/11 23:31:35.0321 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2010/12/11 23:31:35.0383 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2010/12/11 23:31:35.0471 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2010/12/11 23:31:35.0545 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2010/12/11 23:31:35.0622 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
    2010/12/11 23:31:35.0728 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2010/12/11 23:31:35.0795 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
    2010/12/11 23:31:35.0869 BTHPORT (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys
    2010/12/11 23:31:35.0980 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys
    2010/12/11 23:31:36.0065 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys
    2010/12/11 23:31:36.0114 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys
    2010/12/11 23:31:36.0175 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
    2010/12/11 23:31:36.0229 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys
    2010/12/11 23:31:36.0414 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/12/11 23:31:36.0528 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/12/11 23:31:36.0633 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2010/12/11 23:31:36.0717 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
    2010/12/11 23:31:36.0835 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/12/11 23:31:36.0886 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2010/12/11 23:31:36.0967 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/12/11 23:31:37.0054 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2010/12/11 23:31:37.0151 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2010/12/11 23:31:37.0247 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
    2010/12/11 23:31:37.0344 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
    2010/12/11 23:31:37.0407 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
    2010/12/11 23:31:37.0508 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2010/12/11 23:31:37.0669 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/12/11 23:31:37.0750 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2010/12/11 23:31:37.0838 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
    2010/12/11 23:31:37.0982 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2010/12/11 23:31:38.0127 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
    2010/12/11 23:31:38.0247 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
    2010/12/11 23:31:38.0315 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2010/12/11 23:31:38.0388 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2010/12/11 23:31:38.0460 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2010/12/11 23:31:38.0534 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/12/11 23:31:38.0601 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
    2010/12/11 23:31:38.0656 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/12/11 23:31:38.0723 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2010/12/11 23:31:38.0821 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2010/12/11 23:31:38.0903 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/12/11 23:31:38.0967 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2010/12/11 23:31:39.0034 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2010/12/11 23:31:39.0134 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/12/11 23:31:39.0224 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2010/12/11 23:31:39.0311 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS


    Further update: As I mentioned earlier, Vista SP2 did not install properly earlier on my machine. Yesterday, I downloaded the SP2 and tried to install it manually, thinking that the problem may be caused by SP2 failing to install. It took about 3 hours to install the update in 3 steps. Once it reached 100% of the 3rd update I received a message informing me that the update was not installed and was being rolled back. The system took a further 3 hours to revert to the earlier state. Just thought you may like to know this. :)

    Warm Regards,

    Satdeep
     
    Last edited: 2010/12/11
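A triage helper for TDSSKiller driver listings like the one Satdeep posted, added here as an example (not code from the thread or from TDSSKiller). It assumes a baseline of service name to MD5 recorded from a clean machine of the same Windows build; the sample log, the baseline and every hash in them are constructed placeholders.

```python
"""Triage a TDSSKiller driver listing against a clean-machine baseline.

Added example, not TDSSKiller's own logic. Each driver line TDSSKiller
prints has the shape: timestamp, service name, (md5), image path.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# One TDSSKiller driver line: timestamp, service name, (md5), image path.
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[^)]*)\)\s+(?P<path>\S.*?)\s*$"
)
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")
# Where Vista keeps kernel-mode drivers; TDSSKiller prints the directory as
# either ...\drivers\ or ...\DRIVERS\, so every comparison is lowercased.
DRIVER_DIR = "\\windows\\system32\\drivers\\"


@dataclass(frozen=True)
class DriverEntry:
    timestamp: str
    name: str
    md5: str
    path: str


def parse_tdsskiller(lines):
    """Return (entries, unparsed). Separator and status lines are skipped;
    lines that look like driver lines but do not parse are reported."""
    entries, unparsed = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            entries.append(DriverEntry(m["ts"], m["name"], m["md5"], m["path"]))
        elif "(" in line:
            unparsed.append(line.strip())
    return entries, unparsed


def outside_driver_dir(path):
    """True when the image does not live directly in system32\\drivers."""
    p = path.lower().replace("/", "\\")
    if len(p) > 1 and p[1] == ":":      # drop the drive letter
        p = p[2:]
    return p.rsplit("\\", 1)[0] + "\\" != DRIVER_DIR


def triage(lines, baseline):
    """Compare a listing with a baseline mapping service name -> MD5."""
    entries, unparsed = parse_tdsskiller(lines)
    report = {
        "unparsed": unparsed,          # log damage: scan may not be trustworthy
        "bad_md5": [],                 # hash field missing or truncated
        "outside_driver_dir": [],      # image in an unusual location: review
        "hash_changed": [],            # known service, different image: review
        "not_in_baseline": [],         # service the clean machine did not have
        "shared_image": {},            # informational: several services, one file
    }
    by_path = defaultdict(list)
    for e in entries:
        if not MD5_RE.match(e.md5):
            report["bad_md5"].append(e.name)
        if outside_driver_dir(e.path):
            report["outside_driver_dir"].append(e.name)
        expected = baseline.get(e.name)
        if expected is None:
            report["not_in_baseline"].append(e.name)
        elif expected.lower() != e.md5.lower():
            report["hash_changed"].append(e.name)
        by_path[e.path.lower()].append(e.name)
    # Tcpip/Tcpip6 or Wanarp/Wanarpv6 sharing one .sys is normal on Vista;
    # shared images are listed so the reviewer can confirm they are such pairs.
    report["shared_image"] = {p: n for p, n in by_path.items() if len(n) > 1}
    return report


# Constructed sample log; the hashes are placeholders, not real file hashes.
SAMPLE_LOG = [
    r"    2010/12/11 23:31:45.0648 Ntfs (11111111111111111111111111111111) C:\Windows\system32\drivers\Ntfs.sys",
    r"    2010/12/11 23:31:50.0894 Tcpip (22222222222222222222222222222222) C:\Windows\system32\drivers\tcpip.sys",
    r"    2010/12/11 23:31:51.0072 Tcpip6 (22222222222222222222222222222222) C:\Windows\system32\DRIVERS\tcpip.sys",
    r"    2010/12/11 23:31:52.0101 udfs (33333333333333333333333333333333) C:\Windows\system32\DRIVERS\udfs.sys",
    r"    2010/12/11 23:31:53.0000 SampleDrv (44444444444444444444444444444444) C:\ProgramData\sampledrv.sys",
    r"    2010/12/11 23:31:56.0129 ================================================================================",
    r"    2010/12/11 23:31:56.0129 Scan finished",
]
# Constructed baseline: what the same services hashed to on a clean machine.
BASELINE = {
    "Ntfs": "11111111111111111111111111111111",
    "Tcpip": "22222222222222222222222222222222",
    "Tcpip6": "22222222222222222222222222222222",
    "udfs": "99999999999999999999999999999999",   # differs from the sample log
}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, BASELINE).items():
        print(f"{key}: {value}")
```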
  11. 2010/12/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    For now, leave SP2 alone.
    We have to make sure your computer is clean first.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2010/12/15
    Satdeep

    Satdeep Inactive Thread Starter

    Joined:
    2010/12/09
    Messages:
    11
    Likes Received:
    0
    Hello Broni,

    Thanks for your response. I ran rkill as recommended. Here is the log.

    =========================================================================
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 12-12-2010 at 17:03:35.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:



    Rkill completed on 12-12-2010 at 17:03:36.
    ===================================================================================

    However, I was unable to run combofix after this in normal or in safe mode. The laptop just hung. It stayed that way till I forced a reboot.

    What should I do next?

    Regards,
    Satdeep
     
  13. 2010/12/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     