
Infection on win 7


This topic is locked.
19 replies to this topic

#1 metabesk

metabesk

  • Members
  • 11 posts
  • OFFLINE
  • Local time: 10:42 PM

Posted 04 June 2011 - 02:20 AM

After working some 10 minutes, Mozilla Firefox's search motors section doesn't work. You keep pressing the search button or the Enter key but nothing happens, and after 5 minutes the whole computer hangs: no mouse clicks, double clicks or right clicks work, you can't open Task Manager, you can do nothing but wait. No error messages; the only possible solution is to reset. Running ComboFix didn't solve it. I'm an expert user, believe me, it's an infection.
I'm attaching a HijackThis log.
Sincerely waiting for your help.
Thanks in advance.

Attached file: hijackthis.log (8.98 KB, 4 downloads)


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 04:42 PM

Posted 09 June 2011 - 02:35 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything else while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will get you notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.





Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get the warning below. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.


Information and logs:

In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 metabesk

metabesk
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time: 10:42 PM

Posted 09 June 2011 - 03:17 AM

For starters, let me thank you so much for your effort and sacrifice of your own free time.

-The only thing that happened different than your directions was: attach.txt was saved into "c:\Users\Deniz\AppData\Local\Temp" directory not into desktop. If it's relevant for you.

The contents of dds.txt:

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_25
Run by Deniz at 11:00:34 on 2011-06-09
Microsoft Windows 7 Professional 6.1.7601.1.1254.90.1033.18.2047.1255 [GMT 3:00]
.
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\DllHost.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSS.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Babylon\Babylon-Pro\TC\BabylonTC.exe
C:\Windows\system32\DllHost.exe
C:\ProgramData\Easybits GO\EasyBitsGO.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [RivaTuner] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /T
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /S
mRun: [RTSS] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\tools\rtss\RTSSWrapper.exe" /s
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
StartupFolder: c:\users\deniz\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Microsoft Excel'e Gö&nder - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {57CD0DF4-DACC-439D-9173-3F6A8EC3FFE3} - hxxp://demircid.no-ip.org:10000/IPCamPluginMegaDM.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{08E81028-9A9D-440B-9694-FFDF6B968628} : NameServer = 8.8.8.8
TCP: Interfaces\{70F77951-2DF9-4AF9-B131-6D94812120D1} : NameServer = 8.8.8.8
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\deniz\appdata\roaming\mozilla\firefox\profiles\q6737q3c.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en&q=
FF - prefs.js: network.proxy.http - 194.27.128.8
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2010-11-30 752128]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-11-30 3975088]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-26 176128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-3-19 93312]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-15 2218600]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-6-4 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-16 2228008]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-11-30 163232]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2011-6-3 38608]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2007-8-24 564864]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-1-21 328808]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-12-16 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-10-27 6573568]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-10-27 229888]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2011-1-8 1500160]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-7-15 101904]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-24 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-25 1343400]
.
=============== Created Last 30 ================
.
2011-06-09 04:54:35 -------- d-----w- c:\users\deniz\appdata\local\{924B5E83-2671-474C-8DF4-4EBD978ED0BD}
2011-06-08 04:23:05 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{43af3475-1ec1-48d1-afc0-c20458981c84}\mpengine.dll
2011-06-08 04:20:32 -------- d-----w- c:\users\deniz\appdata\local\{3DE9A640-BFE8-4D40-92CB-F3EACD36E18F}
2011-06-07 09:15:03 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-07 02:32:38 -------- d-----w- c:\users\deniz\appdata\local\{B23F195D-712F-49B5-A59F-0C90F86F0AF4}
2011-06-06 03:10:40 -------- d-----w- c:\users\deniz\appdata\local\{CE26062D-FDEF-4A90-9BD0-3E4CF9DCA472}
2011-06-05 05:42:52 -------- d-----w- C:\Diskeeper
2011-06-05 05:22:05 -------- d-----w- c:\users\deniz\appdata\local\{6F139C06-3221-4878-A341-CFEF26BCD839}
2011-06-04 11:43:09 -------- d-----w- c:\users\deniz\appdata\local\{600A6D85-5CE0-44CC-A4CF-C256B9DCE3D2}
2011-06-04 07:04:06 388096 ----a-r- c:\users\deniz\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-04 07:04:06 -------- d-----w- c:\program files\Trend Micro
2011-06-04 06:43:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-04 06:43:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-04 06:40:38 -------- d-----w- c:\users\deniz\appdata\roaming\Malwarebytes
2011-06-04 06:40:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-04 06:40:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-04 06:40:32 -------- d-----w- c:\programdata\Malwarebytes
2011-06-04 06:40:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-04 06:11:51 -------- d-----w- c:\windows\system32\Plugins
2011-06-03 11:42:27 -------- d-----w- c:\users\deniz\appdata\local\{8BB0433A-0987-4FB9-AEAA-E05D5CA3E870}
2011-06-03 07:08:14 -------- d---a-w- c:\users\deniz\appdata\roaming\.minecraft
2011-06-03 06:42:38 -------- d-----w- c:\users\deniz\appdata\roaming\Rovio
2011-06-03 06:40:58 -------- d-----w- c:\program files\Rovio
2011-06-03 06:01:59 38608 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys
2011-06-03 06:01:56 -------- d-----w- c:\program files\common files\Diskeeper Corporation
2011-06-03 06:01:55 -------- d-----w- c:\programdata\Diskeeper Corporation
2011-06-03 06:01:53 -------- d-----w- c:\program files\Windows Home Server
2011-06-03 06:01:53 -------- d-----w- c:\program files\Diskeeper
2011-06-03 06:01:03 -------- d-----w- c:\program files\Diskeeper Setup Files
2011-06-02 08:19:13 -------- d-----w- c:\users\deniz\appdata\local\{B95786A2-B660-4290-B0DA-24E0CC6157BF}
2011-06-01 19:50:43 -------- d-----w- c:\users\deniz\appdata\local\The Witcher 2
2011-06-01 08:18:33 -------- d-----w- c:\users\deniz\appdata\local\{0D0A4E11-7C1D-443C-B4FF-906BD290E587}
2011-05-30 08:17:26 -------- d-----w- c:\users\deniz\appdata\local\{D62629C3-EB9E-40C7-B961-96C03CCFE298}
2011-05-29 20:16:59 -------- d-----w- c:\users\deniz\appdata\local\{171D9EF6-3C15-4CB8-8ABE-DE4778CDD412}
2011-05-29 17:30:27 -------- d-----w- C:\Edraw Max
2011-05-29 16:46:50 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2011-05-29 14:42:57 -------- d-----w- c:\program files\Edraw Max
2011-05-29 11:27:17 -------- d-----w- c:\users\deniz\appdata\roaming\Canneverbe Limited
2011-05-29 11:27:17 -------- d-----w- c:\programdata\Canneverbe Limited
2011-05-29 08:18:42 -------- d-----w- c:\users\deniz\appdata\roaming\go
2011-05-29 08:18:40 -------- d-----w- c:\programdata\Easybits GO
2011-05-29 08:16:32 -------- d-----w- c:\users\deniz\appdata\local\{3A74E22A-485E-426B-BCD0-438F488D94B5}
2011-05-28 18:31:23 -------- d-----w- c:\program files\Super Sapper - The Ultimate Minesweeper
2011-05-28 18:05:12 -------- d-----w- c:\users\deniz\appdata\local\{4DCF38C4-100A-4184-830B-9020191B3881}
2011-05-28 12:45:58 -------- d-----w- c:\program files\TuneUpMedia
2011-05-28 12:45:56 -------- d-----w- c:\users\deniz\appdata\roaming\TuneUpMedia
2011-05-28 12:45:52 -------- d-----w- c:\programdata\TuneUpMedia
2011-05-28 12:42:55 0 ----a-r- C:\logwmemory.bin
2011-05-28 12:39:59 -------- d-----w- c:\users\deniz\appdata\local\OpenCandy
2011-05-28 12:39:52 -------- d-----w- c:\users\deniz\appdata\roaming\OpenCandy
2011-05-28 12:39:36 -------- d-----w- c:\users\deniz\appdata\roaming\Soldat
2011-05-28 12:39:36 -------- d-----w- C:\Soldat
2011-05-28 10:12:41 -------- d-----w- c:\users\deniz\datf
2011-05-28 10:07:03 -------- d-----w- c:\program files\Death and the Fly
2011-05-28 10:06:43 -------- d-----w- c:\program files\Smuggle Truck
2011-05-28 07:54:15 -------- d-----w- c:\program files\Star Sky
2011-05-28 06:04:45 -------- d-----w- c:\users\deniz\appdata\local\{DD38FF91-560E-4081-BC38-E46C21C463F6}
2011-05-27 17:25:14 -------- d-----w- c:\users\deniz\appdata\local\Babylon
2011-05-27 17:24:39 142336 ----a-w- c:\program files\mozilla firefox\BabyFox.dll
2011-05-27 17:24:34 -------- d-----w- c:\program files\Babylon
2011-05-27 17:24:07 -------- d-----w- c:\users\deniz\appdata\roaming\Babylon
2011-05-27 17:24:07 -------- d-----w- c:\programdata\Babylon
2011-05-27 16:37:40 -------- d-----w- c:\users\deniz\appdata\local\{612BD974-A8B0-4F88-891A-756D9EC05CF9}
2011-05-26 06:25:07 -------- d-----w- c:\users\deniz\appdata\local\{4D1A543A-114E-415B-A654-A63A04D9DA5F}
2011-05-25 06:25:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 06:24:21 -------- d-----w- c:\users\deniz\appdata\local\{AD7C84A1-3286-4B24-BEA6-245C49D64F04}
2011-05-25 05:29:24 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 11:15:07 -------- d-----w- c:\program files\WinPcap
2011-05-24 11:13:35 -------- d-----w- c:\program files\WMR14
2011-05-24 10:53:23 -------- d-----w- c:\users\deniz\appdata\local\{461638FB-2BFD-465E-A3EF-4E7987BA7682}
2011-05-23 22:52:56 -------- d-----w- c:\users\deniz\appdata\local\{EB7F8C15-7BBD-4557-A8E8-137FD588EA53}
2011-05-22 10:51:53 -------- d-----w- c:\users\deniz\appdata\local\{D35C24C7-FFF8-4796-B45D-82410BFEFDCF}
2011-05-21 10:51:45 -------- d-----w- c:\program files\Link2Cam
2011-05-21 10:51:20 -------- d-----w- C:\ipcamskype
2011-05-21 10:34:18 -------- d-----w- c:\program files\wLite
2011-05-21 09:57:47 -------- d-----w- c:\users\deniz\appdata\local\{47A569F2-CB56-49D5-8238-AA44C423A5F6}
2011-05-20 20:21:09 -------- d-----w- C:\sw4
2011-05-20 07:28:26 -------- d-----w- c:\users\deniz\appdata\local\{D5AD1E1D-2F68-4B92-9F9F-2913D61D1578}
2011-05-19 07:02:45 -------- d-----w- c:\users\deniz\appdata\local\{FC179F66-7493-4F1A-868B-1F5BF0BBE9CE}
2011-05-18 12:26:52 -------- d-----w- c:\users\deniz\appdata\local\3DMGAME
2011-05-18 05:31:15 -------- d-----w- c:\users\deniz\appdata\local\{0C9BF7BC-3D46-4D14-84AF-D0E1282E5C55}
2011-05-17 14:42:30 -------- d-----w- c:\users\deniz\appdata\local\{835D62A6-CAFF-4A12-980D-EDCBE65EF896}
2011-05-16 19:05:24 -------- d-----w- c:\users\deniz\appdata\local\{E94B5027-F7C9-4673-A787-4B3BEB1510CE}
2011-05-16 13:24:35 -------- d-----w- c:\program files\JDownloader
2011-05-15 09:38:07 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-15 09:38:07 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-15 09:38:07 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-15 09:38:06 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-15 09:38:06 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-15 09:38:06 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-15 09:38:06 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-15 09:38:06 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-15 09:38:06 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-15 07:04:26 -------- d-----w- c:\users\deniz\appdata\local\{9446D6B8-7428-4478-B7E2-2E4AE823862F}
2011-05-14 17:38:04 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-14 10:52:48 -------- d-----w- C:\Hydrophobia.Prophecy.Update.3-SKIDROW
2011-05-14 09:23:42 -------- d-----w- c:\users\deniz\.android
2011-05-14 09:23:29 -------- d-----w- c:\program files\Android
2011-05-14 09:22:46 -------- d-----w- c:\program files\Sun
2011-05-14 08:36:16 -------- d-----w- c:\users\deniz\appdata\local\{1E9A9465-6314-4F8E-BA90-325B12C538FA}
2011-05-13 18:51:41 -------- d-----w- c:\program files\SpeedFan
2011-05-13 05:30:27 -------- d-----w- c:\users\deniz\appdata\local\{4ECD2E1C-BBC1-44C9-AFDB-8EAC0F916AD2}
2011-05-12 06:09:58 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-12 06:09:56 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-12 04:58:55 -------- d-----w- c:\users\deniz\appdata\local\{820EA58E-C7B9-45EA-BC5B-3972C4E77281}
2011-05-10 13:57:12 -------- d-----w- c:\users\deniz\appdata\local\{4A634A86-11D8-4A54-8FA3-562B885DBAEB}
.
==================== Find3M ====================
.
2011-05-14 09:22:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 15:55:44 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 15:55:42 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-08 05:14:00 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-04-08 05:14:00 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14:00 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14:00 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-07 19:45:08 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 19:45:06 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 19:45:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 19:44:58 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 19:44:48 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-03-22 17:53:12 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-22 17:53:10 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-12 11:23:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2006-05-03 09:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 11:01:13,73 ===============


The contents of Attach.txt:



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24.11.2010 19:48:32
System Uptime: 09.06.2011 07:50:26 (4 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5LD2-SE
Processor: Intel® Core™2 CPU 6600 @ 2.40GHz | LGA 775 | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 260,355 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 8,648 GiB free.
E: is FIXED (NTFS) - 78 GiB total, 8,852 GiB free.
F: is FIXED (NTFS) - 290 GiB total, 246,251 GiB free.
H: is CDROM ()
I: is CDROM ()
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7002&SUBSYS_00201102&REV_07\4&B244743&0&11F0
Manufacturer:
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7002&SUBSYS_00201102&REV_07\4&B244743&0&11F0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
2007 Office sistemi için Uyumluluk Paketi
Acronis True Image Home 2011
Active@ File Recovery
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.2
Adobe Stock Photos 1.0
Advanced Port Scanner v1.3
Alchemia
Alternativa
Android SDK Tools
Angry Birds Rio
Apple Application Support
Apple Software Update
Ask Toolbar
Assassin's Creed Brotherhood
µTorrent
Babylon
CDBurnerXP
CDisplay 1.8
COWON Media Center - jetAudio Plus VX
D3DX10
DarkStar
DH Driver Cleaner Professional Edition
Diskeeper 2011 Pro Premier
Dragon Age II
EasyBits GO
Edna and Harvey - The Breakout
Edraw Max 5.6
ESET NOD32 Antivirus
Fate by Numbers 1.1.0
GOM Player
HiJackThis
Homefront version 1.0
Hydrophobia: Prophecy
iCare Data Recovery 3.8.3
International Basketball Manager
IP Camera DS Filter
Java Auto Updater
Java DB 10.6.2.1
Java™ 6 Update 25
Java™ SE Development Kit 6 Update 25
JDownloader 0.9
Link2Cam
Malwarebytes' Anti-Malware
MATLAB R2009b
Medal of Honor ™
Media Player Classic - Home Cinema v1.4.2499.0
MediaInfo 0.7.41
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
MKVtoolnix 4.4.0
Mozilla Firefox 4.0.1 (x86 tr)
MSVCRT
Naviextras Toolbox
Naviextras Toolbox Prerequesities
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 270.61
NVIDIA 3D Vision Driver 270.61
NVIDIA Control Panel 270.61
NVIDIA Graphics Driver 270.61
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.1.34
NVIDIA Update Components
OpenAL
PowerISO
Pro Evolution Soccer 2011
PunkBuster Services
PVSonyDll
QuickTime
RailWorks 2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Skype Toolbars
Skype™ 5.3
SMPlayer 0.6.9
Soldat Beta 1.5.1
SolSuite 2011 v11.2
SopCast 3.2.9
SoundMAX
SpeedFan (remove only)
Spybot - Search & Destroy
TeamViewer 6
Test Drive Unlimited 2
The First Templar 1.00
The KMPlayer (remove only)
The Next BIG Thing (English)
The Witcher 2
TP-LINK Wireless Client Utility
TuneUp Companion 2.0.9
Ubisoft Game Launcher
v2011.build.45
VLC media player 1.1.7
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.2
WinRAR archiver
WM Recorder
.
==== Event Viewer Messages From Past Week ========
.
09.06.2011 08:09:57, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
09.06.2011 07:50:51, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
07.06.2011 12:13:56, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
07.06.2011 06:04:25, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
07.06.2011 06:04:14, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
07.06.2011 05:53:03, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
07.06.2011 05:52:03, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe LM Service service to connect.
07.06.2011 05:52:03, Error: Service Control Manager [7000] - The Adobe LM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07.06.2011 05:51:33, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
06.06.2011 18:20:10, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5.
06.06.2011 12:39:13, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
04.06.2011 22:45:12, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
04.06.2011 11:54:32, Error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
04.06.2011 10:22:14, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
04.06.2011 09:31:34, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
04.06.2011 09:31:24, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 21
04.06.2011 09:31:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
04.06.2011 09:31:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
04.06.2011 09:31:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
04.06.2011 09:31:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
04.06.2011 09:31:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
04.06.2011 09:31:05, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv SCDEmu spldr Wanarpv6
04.06.2011 08:07:20, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
04.06.2011 07:58:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
04.06.2011 07:57:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
04.06.2011 07:57:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
04.06.2011 07:57:41, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ehdrv NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
04.06.2011 07:57:41, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
04.06.2011 07:57:41, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
04.06.2011 07:57:41, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
04.06.2011 07:57:41, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
04.06.2011 07:57:41, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
04.06.2011 07:57:41, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
04.06.2011 07:57:41, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
04.06.2011 07:57:41, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
04.06.2011 07:57:41, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
04.06.2011 07:57:41, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
04.06.2011 07:57:41, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
03.06.2011 09:03:43, Error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
03.06.2011 08:23:16, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
02.06.2011 08:31:46, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
02.06.2011 08:25:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
02.06.2011 08:25:19, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


RkUnhooker's log:


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F400000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10686464 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 270.61 )
0x82C1B000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x82C1B000 PnpManager 4268032 bytes
0x82C1B000 RAW 4268032 bytes
0x82C1B000 WMIxWDM 4268032 bytes
0x96D70000 Win32k 2416640 bytes
0x96D70000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8923C000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x88E7D000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x9D21C000 C:\Windows\system32\DRIVERS\eamon.sys 770048 bytes (ESET, Amon monitor)
0x8FE33000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x89080000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x894DE000 C:\Windows\system32\DRIVERS\tdrpm273.sys 745472 bytes (Acronis, Acronis Try&Decide Volume Filter Driver)
0x8330B000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9EA2D000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x89404000 C:\Windows\system32\DRIVERS\timntr.sys 598016 bytes (Acronis, Acronis Backup Archive Explorer)
0x8DEF6000 C:\Windows\system32\drivers\kx.sys 565248 bytes (Eugene Gavrilov, kX Audio Driver)
0x9AA88000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8322B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x88C0A000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8DE39000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8900C000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8E639000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x95342000 C:\Windows\system32\drivers\ADIHdAud.sys 335872 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0x8FF42000 C:\Windows\system32\DRIVERS\Rt86win7.sys 335872 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x9EB4C000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x9EAFC000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8FF9F000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x88D38000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x88C89000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9AA16000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x952ED000 C:\Windows\system32\drivers\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x832C9000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E756000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8949F000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x89137000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9AB85000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8FEEA000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8302D000 ACPI_HAL 225280 bytes
0x8302D000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88E38000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8DFC8000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x893C7000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8E693000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x89386000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8DF80000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x895C8000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x88FAC000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x9AB0D000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x88CE2000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x88DAE000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x895A0000 C:\Windows\system32\DRIVERS\snapman.sys 163840 bytes (Acronis, Acronis Snapshot API)
0x9EB9E000 C:\Windows\system32\DRIVERS\afcdp.sys 159744 bytes (Acronis, File Level CDP Kernel Helper)
0x952B7000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x89211000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x89175000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x833B6000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9AB62000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x95214000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9EACE000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8DEC3000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x833D9000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9D2D8000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x891CC000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8FF23000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E6CC000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x96C00000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x88E00000 C:\Windows\system32\DRIVERS\ehdrv.sys 118784 bytes (ESET, ESET Helper driver)
0x9529A000 C:\Windows\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0x8F3B0000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9ABC0000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8E70A000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x8F3CB000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9AB37000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8DFAF000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x9ABE2000 C:\Windows\system32\DRIVERS\epfwwfpr.sys 102400 bytes (ESET, ESET Personal Firewall driver)
0x8DE9D000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8DE18000 C:\Windows\system32\drivers\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8DE00000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x8E600000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x95236000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9524E000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x95265000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8320E000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x953D0000 C:\Windows\system32\drivers\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x88D98000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x95200000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x88FD7000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9AA6C000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E724000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x88DD8000 00000102 73728 bytes
0x8E7DB000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8DEE4000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9AB50000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x88DD8000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x89200000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x953BF000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x88E6C000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x95331000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x88D17000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x832B0000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8E737000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8E6EB000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x8F3E5000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x893B7000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x9AA5C000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x88D28000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8FFEA000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8DEB5000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8E6FC000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x83200000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88D8A000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x89069000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8E748000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x952DF000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x88C7B000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8E7CE000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x9539E000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8E7B7000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x9528D000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9EAEF000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x88E1D000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8E7AB000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8E62D000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x891F2000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x953AB000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x953F4000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x953E9000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8F3A5000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x88FF2000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8E618000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8FF94000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x88D0C000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x95394000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8E7A1000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E797000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x95283000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x9EAC4000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8E7C4000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x88DF3000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x9D36B000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x88DEA000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x9D37E000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x953B6000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x89077000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x96FD0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x89496000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x88CD1000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x832C1000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x9D2F9000 C:\Windows\system32\DRIVERS\DKRtWrt.sys 32768 bytes (Diskeeper Corporation, Diskeeper IntelliWrite Mini-Filter Driver)
0x895F5000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BCA000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x88CDA000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x89000000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88E2A000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x88FEA000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x89594000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x891EB000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8DE30000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x88D83000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x9D377000 C:\Users\Deniz\AppData\Local\Temp\mbr.sys 28672 bytes
0x9AA00000 C:\Windows\system32\drivers\npf.sys 28672 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)
0x893F9000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9ABDB000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x9527C000 C:\Windows\system32\DRIVERS\teamviewervpn.sys 28672 bytes (TeamViewer GmbH, TeamViewerVPN Network Adapter)
0x8E6C5000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8959C000 C:\Windows\system32\speedfan.sys 16384 bytes (Almico Software, Speed Fan x32 Driver)
0x9D374000 C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys 12288 bytes
0x8FFF9000 C:\Windows\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0x8FE31000 C:\Windows\System32\Drivers\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 270.61 )
0x952DD000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x953E7000 C:\Windows\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x895FD000 C:\Windows\system32\giveio.sys 4096 bytes
==============================================
>Stealth
==============================================
0x85F04F13 Unknown page with executable code, 237 bytes
0x85E36DA4 Unknown page with executable code, 604 bytes
0x85E3ED46 Unknown page with executable code, 698 bytes

That's all. Thank you in advance. I await your response.
Regards

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:42 PM

Posted 09 June 2011 - 03:48 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 metabesk

metabesk
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:42 PM

Posted 09 June 2011 - 04:19 AM

Combofix log:

ComboFix 11-06-08.04 - Deniz 09.06.2011 12:02:55.6.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1254.90.1033.18.2047.1061 [GMT 3:00]
Running from: c:\users\Deniz\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))
.
.
2011-06-09 09:10 . 2011-06-09 09:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-06-09 09:10 . 2011-06-09 09:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-09 04:54 . 2011-06-09 04:54 -------- d-----w- c:\users\Deniz\AppData\Local\{924B5E83-2671-474C-8DF4-4EBD978ED0BD}
2011-06-08 04:23 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{43AF3475-1EC1-48D1-AFC0-C20458981C84}\mpengine.dll
2011-06-08 04:20 . 2011-06-08 16:21 -------- d-----w- c:\users\Deniz\AppData\Local\{3DE9A640-BFE8-4D40-92CB-F3EACD36E18F}
2011-06-07 02:32 . 2011-06-07 02:32 -------- d-----w- c:\users\Deniz\AppData\Local\{B23F195D-712F-49B5-A59F-0C90F86F0AF4}
2011-06-06 03:10 . 2011-06-06 03:10 -------- d-----w- c:\users\Deniz\AppData\Local\{CE26062D-FDEF-4A90-9BD0-3E4CF9DCA472}
2011-06-05 05:42 . 2011-06-05 05:43 -------- d-----w- C:\Diskeeper
2011-06-05 05:22 . 2011-06-05 05:22 -------- d-----w- c:\users\Deniz\AppData\Local\{6F139C06-3221-4878-A341-CFEF26BCD839}
2011-06-04 11:43 . 2011-06-04 11:43 -------- d-----w- c:\users\Deniz\AppData\Local\{600A6D85-5CE0-44CC-A4CF-C256B9DCE3D2}
2011-06-04 07:04 . 2011-06-04 07:04 388096 ----a-r- c:\users\Deniz\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-04 07:04 . 2011-06-04 07:04 -------- d-----w- c:\program files\Trend Micro
2011-06-04 06:43 . 2011-06-04 07:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-04 06:43 . 2011-06-04 06:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-04 06:40 . 2011-06-04 06:40 -------- d-----w- c:\users\Deniz\AppData\Roaming\Malwarebytes
2011-06-04 06:40 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-04 06:40 . 2011-06-04 06:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-04 06:40 . 2011-06-04 06:40 -------- d-----w- c:\programdata\Malwarebytes
2011-06-04 06:40 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-04 06:11 . 2011-06-04 06:30 -------- d-----w- c:\windows\system32\Plugins
2011-06-03 11:42 . 2011-06-03 23:42 -------- d-----w- c:\users\Deniz\AppData\Local\{8BB0433A-0987-4FB9-AEAA-E05D5CA3E870}
2011-06-03 07:08 . 2011-06-03 07:08 -------- d---a-w- c:\users\Deniz\AppData\Roaming\.minecraft
2011-06-03 06:42 . 2011-06-03 06:42 -------- d-----w- c:\users\Deniz\AppData\Roaming\Rovio
2011-06-03 06:40 . 2011-06-03 06:40 -------- d-----w- c:\program files\Rovio
2011-06-03 06:01 . 2011-06-03 06:01 -------- dc----w- c:\windows\system32\DRVSTORE
2011-06-03 06:01 . 2011-02-13 23:04 38608 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys
2011-06-03 06:01 . 2011-06-03 06:01 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2011-06-03 06:01 . 2011-06-03 06:01 -------- d-----w- c:\programdata\Diskeeper Corporation
2011-06-03 06:01 . 2011-06-09 04:53 -------- d-----w- c:\program files\Diskeeper
2011-06-03 06:01 . 2011-06-03 06:01 -------- d-----w- c:\program files\Windows Home Server
2011-06-03 06:01 . 2011-06-03 06:02 -------- d-----w- c:\program files\Diskeeper Setup Files
2011-06-02 08:19 . 2011-06-02 20:19 -------- d-----w- c:\users\Deniz\AppData\Local\{B95786A2-B660-4290-B0DA-24E0CC6157BF}
2011-06-01 19:50 . 2011-06-01 19:50 -------- d-----w- c:\users\Deniz\AppData\Local\The Witcher 2
2011-06-01 08:18 . 2011-06-01 20:18 -------- d-----w- c:\users\Deniz\AppData\Local\{0D0A4E11-7C1D-443C-B4FF-906BD290E587}
2011-05-30 08:17 . 2011-05-31 20:18 -------- d-----w- c:\users\Deniz\AppData\Local\{D62629C3-EB9E-40C7-B961-96C03CCFE298}
2011-05-29 20:16 . 2011-05-29 20:17 -------- d-----w- c:\users\Deniz\AppData\Local\{171D9EF6-3C15-4CB8-8ABE-DE4778CDD412}
2011-05-29 17:30 . 2011-05-29 17:31 -------- d-----w- C:\Edraw Max
2011-05-29 16:55 . 2011-05-29 16:55 -------- d-----w- c:\programdata\Adobe Systems
2011-05-29 16:46 . 2011-05-29 16:46 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2011-05-29 14:42 . 2011-05-29 17:25 -------- d-----w- c:\program files\Edraw Max
2011-05-29 11:27 . 2011-05-29 11:27 -------- d-----w- c:\users\Deniz\AppData\Roaming\Canneverbe Limited
2011-05-29 11:27 . 2011-05-29 11:27 -------- d-----w- c:\programdata\Canneverbe Limited
2011-05-29 11:26 . 2011-05-29 11:26 -------- d-----w- c:\program files\CDBurnerXP
2011-05-29 08:18 . 2011-06-09 05:04 -------- d-----w- c:\users\Deniz\AppData\Roaming\go
2011-05-29 08:18 . 2011-06-09 08:07 -------- d-----w- c:\programdata\Easybits GO
2011-05-29 08:16 . 2011-05-29 08:16 -------- d-----w- c:\users\Deniz\AppData\Local\{3A74E22A-485E-426B-BCD0-438F488D94B5}
2011-05-28 18:31 . 2011-05-28 18:31 -------- d-----w- c:\program files\Super Sapper - The Ultimate Minesweeper
2011-05-28 18:05 . 2011-05-28 18:05 -------- d-----w- c:\users\Deniz\AppData\Local\{4DCF38C4-100A-4184-830B-9020191B3881}
2011-05-28 12:45 . 2011-05-28 12:46 -------- d-----w- c:\program files\TuneUpMedia
2011-05-28 12:45 . 2011-05-29 11:58 -------- d-----w- c:\users\Deniz\AppData\Roaming\TuneUpMedia
2011-05-28 12:45 . 2011-05-28 12:46 -------- d-----w- c:\programdata\TuneUpMedia
2011-05-28 12:42 . 2011-05-28 12:42 0 ----a-r- C:\logwmemory.bin
2011-05-28 12:39 . 2011-05-29 07:52 -------- d-----w- c:\users\Deniz\AppData\Local\OpenCandy
2011-05-28 12:39 . 2011-05-29 07:52 -------- d-----w- c:\users\Deniz\AppData\Roaming\OpenCandy
2011-05-28 12:39 . 2011-05-29 17:01 -------- d-----w- C:\Soldat
2011-05-28 12:39 . 2011-05-29 17:00 -------- d-----w- c:\users\Deniz\AppData\Roaming\Soldat
2011-05-28 10:12 . 2011-05-28 10:25 -------- d-----w- c:\users\Deniz\datf
2011-05-28 10:07 . 2011-05-28 10:08 -------- d-----w- c:\program files\Death and the Fly
2011-05-28 10:06 . 2011-05-28 10:06 -------- d-----w- c:\program files\Smuggle Truck
2011-05-28 07:54 . 2011-05-28 07:54 -------- d-----w- c:\program files\Star Sky
2011-05-28 06:04 . 2011-05-28 06:04 -------- d-----w- c:\users\Deniz\AppData\Local\{DD38FF91-560E-4081-BC38-E46C21C463F6}
2011-05-27 17:25 . 2011-05-27 17:35 -------- d-----w- c:\users\Deniz\AppData\Local\Babylon
2011-05-27 17:24 . 2011-01-25 12:40 142336 ----a-w- c:\program files\Mozilla Firefox\BabyFox.dll
2011-05-27 17:24 . 2011-05-27 17:24 -------- d-----w- c:\program files\Babylon
2011-05-27 17:24 . 2011-06-09 08:54 -------- d-----w- c:\programdata\Babylon
2011-05-27 17:24 . 2011-05-29 21:39 -------- d-----w- c:\users\Deniz\AppData\Roaming\Babylon
2011-05-27 16:37 . 2011-05-27 16:37 -------- d-----w- c:\users\Deniz\AppData\Local\{612BD974-A8B0-4F88-891A-756D9EC05CF9}
2011-05-26 06:25 . 2011-05-26 18:25 -------- d-----w- c:\users\Deniz\AppData\Local\{4D1A543A-114E-415B-A654-A63A04D9DA5F}
2011-05-25 06:25 . 2011-06-09 04:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 06:24 . 2011-05-25 18:24 -------- d-----w- c:\users\Deniz\AppData\Local\{AD7C84A1-3286-4B24-BEA6-245C49D64F04}
2011-05-25 05:29 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 11:15 . 2011-05-24 11:15 -------- d-----w- c:\program files\WinPcap
2011-05-24 11:13 . 2011-05-24 11:23 -------- d-----w- c:\program files\WMR14
2011-05-24 10:53 . 2011-05-24 10:53 -------- d-----w- c:\users\Deniz\AppData\Local\{461638FB-2BFD-465E-A3EF-4E7987BA7682}
2011-05-23 22:52 . 2011-05-23 22:53 -------- d-----w- c:\users\Deniz\AppData\Local\{EB7F8C15-7BBD-4557-A8E8-137FD588EA53}
2011-05-22 10:51 . 2011-05-23 10:52 -------- d-----w- c:\users\Deniz\AppData\Local\{D35C24C7-FFF8-4796-B45D-82410BFEFDCF}
2011-05-21 10:51 . 2011-05-21 10:51 -------- d-----w- c:\program files\Link2Cam
2011-05-21 10:51 . 2011-05-21 10:51 -------- d-----w- C:\ipcamskype
2011-05-21 10:34 . 2011-05-21 10:38 -------- d-----w- c:\program files\wLite
2011-05-21 09:57 . 2011-05-21 09:58 -------- d-----w- c:\users\Deniz\AppData\Local\{47A569F2-CB56-49D5-8238-AA44C423A5F6}
2011-05-20 20:21 . 2011-05-20 20:21 -------- d-----w- C:\sw4
2011-05-20 07:28 . 2011-05-20 19:28 -------- d-----w- c:\users\Deniz\AppData\Local\{D5AD1E1D-2F68-4B92-9F9F-2913D61D1578}
2011-05-19 07:02 . 2011-05-19 07:03 -------- d-----w- c:\users\Deniz\AppData\Local\{FC179F66-7493-4F1A-868B-1F5BF0BBE9CE}
2011-05-18 12:26 . 2011-05-18 12:26 -------- d-----w- c:\users\Deniz\AppData\Local\3DMGAME
2011-05-18 05:31 . 2011-05-18 05:31 -------- d-----w- c:\users\Deniz\AppData\Local\{0C9BF7BC-3D46-4D14-84AF-D0E1282E5C55}
2011-05-17 14:42 . 2011-05-17 14:42 -------- d-----w- c:\users\Deniz\AppData\Local\{835D62A6-CAFF-4A12-980D-EDCBE65EF896}
2011-05-16 19:05 . 2011-05-16 19:05 -------- d-----w- c:\users\Deniz\AppData\Local\{E94B5027-F7C9-4673-A787-4B3BEB1510CE}
2011-05-16 13:24 . 2011-05-26 09:40 -------- d-----w- c:\program files\JDownloader
2011-05-15 09:39 . 2011-05-15 09:39 -------- d-----w- c:\users\UpdatusUser
2011-05-15 09:38 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-15 09:38 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-15 09:38 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-15 09:38 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-15 09:38 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-15 09:38 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-15 09:38 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-15 09:38 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-15 09:38 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-15 07:04 . 2011-05-16 07:05 -------- d-----w- c:\users\Deniz\AppData\Local\{9446D6B8-7428-4478-B7E2-2E4AE823862F}
2011-05-14 17:38 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-14 10:52 . 2011-05-14 10:53 -------- d-----w- C:\Hydrophobia.Prophecy.Update.3-SKIDROW
2011-05-14 09:23 . 2011-05-14 17:36 -------- d-----w- c:\users\Deniz\.android
2011-05-14 09:23 . 2011-05-14 09:23 -------- d-----w- c:\program files\Android
2011-05-14 09:23 . 2011-05-14 09:23 -------- d-----w- c:\program files\Common Files\Java
2011-05-14 09:22 . 2011-05-14 09:22 -------- d-----w- c:\program files\Sun
2011-05-14 08:36 . 2011-05-14 08:36 -------- d-----w- c:\users\Deniz\AppData\Local\{1E9A9465-6314-4F8E-BA90-325B12C538FA}
2011-05-13 18:51 . 2011-06-08 17:18 -------- d-----w- c:\program files\SpeedFan
2011-05-13 05:30 . 2011-05-13 17:30 -------- d-----w- c:\users\Deniz\AppData\Local\{4ECD2E1C-BBC1-44C9-AFDB-8EAC0F916AD2}
2011-05-12 06:09 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-12 06:09 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-12 04:58 . 2011-05-12 04:59 -------- d-----w- c:\users\Deniz\AppData\Local\{820EA58E-C7B9-45EA-BC5B-3972C4E77281}
2011-05-10 13:57 . 2011-05-10 13:57 -------- d-----w- c:\users\Deniz\AppData\Local\{4A634A86-11D8-4A54-8FA3-562B885DBAEB}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-14 09:22 . 2011-01-24 17:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 15:55 . 2011-04-09 15:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 15:55 . 2011-04-09 15:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-08 05:14 . 2011-05-15 09:38 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2011-02-19 11:43 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-04-08 05:14 . 2011-02-19 11:43 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-08 05:14 . 2011-02-19 11:43 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-07 19:45 . 2011-04-07 19:45 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 19:45 . 2011-04-07 19:45 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 19:45 . 2011-04-07 19:45 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 19:44 . 2011-04-07 19:44 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 19:44 . 2011-04-07 19:44 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-03-22 17:53 . 2011-03-22 17:53 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-22 17:53 . 2011-03-22 17:53 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-12 11:23 . 2011-04-27 19:10 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-04 15:04 . 2011-04-16 19:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 216064 --sha-r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-25 399736]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-08-21 5459136]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-08-21 390712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"RivaTuner"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"RTSS"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSSWrapper.exe" [2009-08-22 24576]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-11 273544]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2011-02-21 936448]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
c:\users\Deniz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kX Mixer]
kxmixer --startup [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 02:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-07-15 101904]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [x]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [x]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [x]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-25 1343400]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2010-11-30 752128]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-03-19 107256]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-11-30 3975088]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-03-19 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-03-19 93312]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-11-30 163232]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-01-05 1500160]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-13 38608]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2007-08-24 564864]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-21 328808]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-11-30 25088]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BLACKBOX
*Deregistered* - BlackBox
.
.
------- Supplementary Scan -------
.
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: Interfaces\{08E81028-9A9D-440B-9694-FFDF6B968628}: NameServer = 8.8.8.8
TCP: Interfaces\{70F77951-2DF9-4AF9-B131-6D94812120D1}: NameServer = 8.8.8.8
DPF: {57CD0DF4-DACC-439D-9173-3F6A8EC3FFE3} - hxxp://demircid.no-ip.org:10000/IPCamPluginMegaDM.cab
FF - ProfilePath - c:\users\Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\q6737q3c.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en&q=
FF - prefs.js: network.proxy.http - 194.27.128.8
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6124)
c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSSHooks.dll
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\edraw max\ThumbView.dll
.
Completion time: 2011-06-09 12:12:44
ComboFix-quarantined-files.txt 2011-06-09 09:12
ComboFix2.txt 2011-06-07 09:15
ComboFix3.txt 2011-06-04 05:07
ComboFix4.txt 2011-06-03 05:25
ComboFix5.txt 2011-06-09 09:01
.
Pre-Run: 280.424.124.416 bytes free
Post-Run: 280.386.990.080 bytes free
.
- - End Of File - - B0800C474410341ABDB2B0A986285BA9

The scan was without problems. Only stage 5 took a little bit long.

Now there seems to be no problem with the computer, but today, before I got your first reply, the computer hung for about 1-2 mins and didn't respond, and after that it became normal again. It may continue. Please watch this topic a while because it may repeat.
Thanks again.
By the way, in your opinion, is the infection cleared?
RKUnhooker still says that a rootkit infection is suspected.

Thanks in advance

Edited by metabesk, 09 June 2011 - 04:30 AM.
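
The ComboFix log above carries the items a responder reads first: the Run-key autoruns, the UAC values under policies\system, and the Firefox proxy prefs. The following triage helper is an added example, not part of this thread and not ComboFix's own code; it parses those line formats as ComboFix prints them, compares the UAC values with the Windows 7 defaults, and reports whether a stored Firefox proxy is actually in use (network.proxy.type 0 means "no proxy", 1 means "manual"). The embedded sample is a constructed excerpt copied from the log posted above; the install-root list used to flag unusual autorun locations is an assumption of this example.

```python
"""Triage helper for the 'Reg Loading Points' part of a ComboFix log.

Added example (not part of the forum thread and not ComboFix's own code).
The sample below is a constructed excerpt of the log posted in this thread.
"""
import re

SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-25 399736]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
FF - prefs.js: network.proxy.http - 194.27.128.8
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
""".strip()

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
AUTORUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
POLICY_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)$')
FFPREF_RE = re.compile(r'^FF - prefs\.js: (\S+) - (.+)$')

# Windows 7 defaults for the UAC values ComboFix prints under policies\system.
UAC_DEFAULTS = {
    "EnableLUA": 1,                  # 0 = UAC switched off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = administrators elevate silently
    "PromptOnSecureDesktop": 1,       # 0 = prompts drawn on the normal desktop
}


def parse_loading_points(text):
    """Return (autoruns, policies, ff_prefs) parsed from a ComboFix excerpt."""
    autoruns, policies, ff_prefs = [], {}, {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = AUTORUN_RE.match(line)
        if m and current_key and current_key.lower().endswith(r"\run"):
            name, path, date, size = m.groups()
            autoruns.append({"key": current_key, "name": name, "path": path,
                             "date": date, "size": int(size)})
            continue
        m = POLICY_RE.match(line)
        if m and current_key and current_key.lower().endswith(r"policies\system"):
            policies[m.group(1)] = int(m.group(2))
            continue
        m = FFPREF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()
    return autoruns, policies, ff_prefs


def uac_findings(policies):
    """Names of UAC values that differ from the Windows 7 default."""
    return sorted(name for name, default in UAC_DEFAULTS.items()
                  if policies.get(name, default) != default)


def proxy_finding(ff_prefs):
    """Describe a stored manual proxy and whether Firefox actually uses it."""
    host = ff_prefs.get("network.proxy.http")
    if not host:
        return None
    port = ff_prefs.get("network.proxy.http_port", "?")
    active = ff_prefs.get("network.proxy.type") == "1"  # 1 = manual proxy
    return {"proxy": f"{host}:{port}", "active": active}


def autoruns_outside(autoruns, allowed=("c:\\program files\\", "c:\\windows\\")):
    """Autorun entries whose binary is not under an expected install root.
    The allowed roots are an assumption of this example."""
    return [a["name"] for a in autoruns
            if not a["path"].lower().startswith(allowed)]


def triage(text):
    """Summarise what a responder would look at first in the excerpt."""
    autoruns, policies, ff_prefs = parse_loading_points(text)
    return {
        "autorun_count": len(autoruns),
        "autoruns_outside_program_dirs": autoruns_outside(autoruns),
        "uac_non_default": uac_findings(policies),
        "proxy": proxy_finding(ff_prefs),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the posted log this reports that all three UAC values are off their defaults (UAC is fully disabled on that machine, so nothing will prompt before a program elevates) and that the stored 194.27.128.8:3128 proxy is configured but inactive because network.proxy.type is 0; none of the autoruns live outside the usual install roots. Those are review points for the helper, not verdicts about any entry.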


#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 09 June 2011 - 05:08 AM

Hello

Some software, and even your antivirus, will cause RKUnhooker to report possible activity. What I do look for in that report is not there, so that is good.


I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 metabesk (Topic Starter, Members, 11 posts)

Posted 09 June 2011 - 05:53 AM

After sending this message, the computer hung again; even the Num Lock LED was unresponsive.

2011/06/09 13:51:47.0152 6036 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/09 13:51:48.0114 6036 ================================================================================
2011/06/09 13:51:48.0114 6036 SystemInfo:
2011/06/09 13:51:48.0114 6036
2011/06/09 13:51:48.0114 6036 OS Version: 6.1.7601 ServicePack: 1.0
2011/06/09 13:51:48.0114 6036 Product type: Workstation
2011/06/09 13:51:48.0114 6036 ComputerName: DENIZ-PC
2011/06/09 13:51:48.0114 6036 UserName: Deniz
2011/06/09 13:51:48.0114 6036 Windows directory: C:\Windows
2011/06/09 13:51:48.0114 6036 System windows directory: C:\Windows
2011/06/09 13:51:48.0115 6036 Processor architecture: Intel x86
2011/06/09 13:51:48.0115 6036 Number of processors: 2
2011/06/09 13:51:48.0115 6036 Page size: 0x1000
2011/06/09 13:51:48.0115 6036 Boot type: Normal boot
2011/06/09 13:51:48.0115 6036 ================================================================================
2011/06/09 13:51:49.0210 6036 Initialize success
2011/06/09 13:51:56.0590 5532 ================================================================================
2011/06/09 13:51:56.0590 5532 Scan started
2011/06/09 13:51:56.0590 5532 Mode: Manual;
2011/06/09 13:51:56.0590 5532 ================================================================================
2011/06/09 13:51:57.0623 5532 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/06/09 13:51:57.0648 5532 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/06/09 13:51:57.0692 5532 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/06/09 13:51:57.0761 5532 ADIHdAudAddService (b01a51996a3251023a5fd19fc88f5057) C:\Windows\system32\drivers\ADIHdAud.sys
2011/06/09 13:51:57.0815 5532 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/09 13:51:57.0839 5532 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/09 13:51:57.0860 5532 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/09 13:51:57.0923 5532 afcdp (a27deeebf1b17a053aea3e2f1d6f9295) C:\Windows\system32\DRIVERS\afcdp.sys
2011/06/09 13:51:57.0982 5532 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/06/09 13:51:58.0008 5532 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/06/09 13:51:58.0032 5532 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/06/09 13:51:58.0066 5532 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/06/09 13:51:58.0100 5532 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/06/09 13:51:58.0124 5532 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/06/09 13:51:58.0137 5532 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/09 13:51:58.0288 5532 amdkmdag (a91e07a35c0f31da7905f4a79d1ad924) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/09 13:51:58.0380 5532 amdkmdap (baac8ebb76c4cc16a342670263b0ef4d) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/06/09 13:51:58.0395 5532 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/09 13:51:58.0433 5532 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/06/09 13:51:58.0463 5532 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/09 13:51:58.0486 5532 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/06/09 13:51:58.0533 5532 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/06/09 13:51:58.0574 5532 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/06/09 13:51:58.0593 5532 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/09 13:51:58.0626 5532 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/09 13:51:58.0641 5532 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/06/09 13:51:58.0694 5532 athur (d79a49fc67421c7bb7dcbd188a442288) C:\Windows\system32\DRIVERS\athur.sys
2011/06/09 13:51:58.0768 5532 AtiHDAudioService (7b4342936a3885cfe18e5d1df6d55bc5) C:\Windows\system32\drivers\AtihdW73.sys
2011/06/09 13:51:58.0867 5532 atikmdag (a91e07a35c0f31da7905f4a79d1ad924) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/09 13:51:58.0951 5532 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/06/09 13:51:58.0984 5532 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/09 13:51:59.0015 5532 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/06/09 13:51:59.0046 5532 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/09 13:51:59.0091 5532 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/09 13:51:59.0112 5532 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/09 13:51:59.0124 5532 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/09 13:51:59.0148 5532 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/06/09 13:51:59.0164 5532 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/09 13:51:59.0186 5532 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/09 13:51:59.0203 5532 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/09 13:51:59.0216 5532 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/09 13:51:59.0332 5532 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/09 13:51:59.0370 5532 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/06/09 13:51:59.0405 5532 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/09 13:51:59.0440 5532 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/06/09 13:51:59.0475 5532 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/09 13:51:59.0496 5532 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/06/09 13:51:59.0531 5532 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/06/09 13:51:59.0588 5532 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/09 13:51:59.0611 5532 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/06/09 13:51:59.0629 5532 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/09 13:51:59.0686 5532 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/06/09 13:51:59.0803 5532 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/06/09 13:51:59.0828 5532 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/06/09 13:51:59.0861 5532 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/06/09 13:51:59.0926 5532 DKRtWrt (ab24ee68ff85a592586c03a3f339fcd5) C:\Windows\system32\DRIVERS\DKRtWrt.sys
2011/06/09 13:51:59.0973 5532 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/06/09 13:52:00.0019 5532 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/09 13:52:00.0066 5532 eamon (d4f94d45e25d764462a5b95bc426c8d0) C:\Windows\system32\DRIVERS\eamon.sys
2011/06/09 13:52:00.0132 5532 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/06/09 13:52:00.0202 5532 ehdrv (9456462c1425d2bbf1616edabfaba5f4) C:\Windows\system32\DRIVERS\ehdrv.sys
2011/06/09 13:52:00.0253 5532 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/09 13:52:00.0280 5532 epfwwfpr (32102f2c07182523b1390c2d9341e397) C:\Windows\system32\DRIVERS\epfwwfpr.sys
2011/06/09 13:52:00.0311 5532 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/06/09 13:52:00.0338 5532 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/06/09 13:52:00.0369 5532 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/06/09 13:52:00.0397 5532 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/09 13:52:00.0438 5532 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/06/09 13:52:00.0464 5532 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/06/09 13:52:00.0486 5532 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/09 13:52:00.0512 5532 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/06/09 13:52:00.0542 5532 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/06/09 13:52:00.0559 5532 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/09 13:52:00.0596 5532 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/09 13:52:00.0620 5532 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/09 13:52:00.0675 5532 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/06/09 13:52:00.0702 5532 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/09 13:52:00.0758 5532 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/06/09 13:52:00.0792 5532 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/06/09 13:52:00.0805 5532 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/09 13:52:00.0844 5532 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/09 13:52:00.0876 5532 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/09 13:52:00.0915 5532 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/09 13:52:00.0945 5532 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/06/09 13:52:00.0972 5532 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/06/09 13:52:01.0015 5532 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/09 13:52:01.0033 5532 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/06/09 13:52:01.0090 5532 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/06/09 13:52:01.0125 5532 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/09 13:52:01.0154 5532 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/06/09 13:52:01.0182 5532 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/09 13:52:01.0204 5532 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/09 13:52:01.0225 5532 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/06/09 13:52:01.0246 5532 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/06/09 13:52:01.0264 5532 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/06/09 13:52:01.0291 5532 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/06/09 13:52:01.0317 5532 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/06/09 13:52:01.0338 5532 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/06/09 13:52:01.0360 5532 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/06/09 13:52:01.0406 5532 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/09 13:52:01.0428 5532 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/09 13:52:01.0471 5532 kxwdmdrv (6b66e788bbcb548cee00acc58dba8740) C:\Windows\system32\drivers\kx.sys
2011/06/09 13:52:01.0512 5532 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/09 13:52:01.0547 5532 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/09 13:52:01.0568 5532 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/09 13:52:01.0582 5532 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/09 13:52:01.0599 5532 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/09 13:52:01.0621 5532 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/06/09 13:52:01.0675 5532 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/06/09 13:52:01.0702 5532 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/09 13:52:01.0725 5532 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/09 13:52:01.0749 5532 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/06/09 13:52:01.0784 5532 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/09 13:52:01.0807 5532 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/09 13:52:01.0821 5532 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/09 13:52:01.0846 5532 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/06/09 13:52:01.0889 5532 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/06/09 13:52:01.0913 5532 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/09 13:52:01.0951 5532 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/06/09 13:52:01.0997 5532 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/09 13:52:02.0020 5532 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/09 13:52:02.0046 5532 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/09 13:52:02.0085 5532 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/06/09 13:52:02.0109 5532 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/06/09 13:52:02.0148 5532 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/06/09 13:52:02.0174 5532 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/09 13:52:02.0193 5532 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/06/09 13:52:02.0236 5532 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/09 13:52:02.0250 5532 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/09 13:52:02.0266 5532 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/06/09 13:52:02.0298 5532 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/06/09 13:52:02.0327 5532 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/06/09 13:52:02.0340 5532 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/06/09 13:52:02.0357 5532 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/09 13:52:02.0400 5532 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/06/09 13:52:02.0423 5532 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/06/09 13:52:02.0465 5532 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/09 13:52:02.0504 5532 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/06/09 13:52:02.0528 5532 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/09 13:52:02.0554 5532 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/09 13:52:02.0606 5532 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/09 13:52:02.0696 5532 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/09 13:52:02.0743 5532 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/06/09 13:52:03.0064 5532 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/09 13:52:03.0104 5532 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/09 13:52:03.0178 5532 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/09 13:52:03.0265 5532 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
2011/06/09 13:52:03.0295 5532 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/06/09 13:52:03.0317 5532 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/09 13:52:03.0428 5532 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/06/09 13:52:03.0462 5532 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/06/09 13:52:04.0143 5532 nvlddmkm (1f144bd1fecb52fe4dc18fafe70ff7af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/09 13:52:04.0438 5532 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/06/09 13:52:04.0461 5532 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/06/09 13:52:04.0533 5532 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/06/09 13:52:04.0550 5532 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/06/09 13:52:04.0596 5532 okfeoy (e6d35f3aa51a65eb35c1f2340154a25e) C:\Windows\system32\drivers\qociu.sys
2011/06/09 13:52:04.0656 5532 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/06/09 13:52:04.0698 5532 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/06/09 13:52:04.0718 5532 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/09 13:52:04.0752 5532 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/06/09 13:52:04.0772 5532 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/06/09 13:52:04.0794 5532 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/09 13:52:04.0818 5532 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/06/09 13:52:04.0845 5532 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/06/09 13:52:04.0952 5532 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/09 13:52:04.0980 5532 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/06/09 13:52:05.0038 5532 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/09 13:52:05.0081 5532 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/09 13:52:05.0117 5532 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/09 13:52:05.0142 5532 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/09 13:52:05.0167 5532 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/09 13:52:05.0195 5532 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/09 13:52:05.0238 5532 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/09 13:52:05.0280 5532 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/09 13:52:05.0300 5532 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/09 13:52:05.0340 5532 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/09 13:52:05.0365 5532 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/09 13:52:05.0404 5532 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/09 13:52:05.0439 5532 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/06/09 13:52:05.0468 5532 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/09 13:52:05.0491 5532 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/09 13:52:05.0532 5532 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/06/09 13:52:05.0578 5532 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/06/09 13:52:05.0648 5532 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
2011/06/09 13:52:05.0704 5532 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/09 13:52:05.0769 5532 RTL8167 (94a48c15d32d69867f03894a4e70a87a) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/06/09 13:52:05.0812 5532 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/06/09 13:52:05.0840 5532 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/06/09 13:52:05.0891 5532 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
2011/06/09 13:52:05.0914 5532 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/09 13:52:05.0956 5532 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/09 13:52:05.0982 5532 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/09 13:52:06.0000 5532 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/06/09 13:52:06.0024 5532 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/09 13:52:06.0066 5532 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/06/09 13:52:06.0088 5532 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/09 13:52:06.0117 5532 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/09 13:52:06.0152 5532 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/09 13:52:06.0186 5532 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/06/09 13:52:06.0220 5532 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/09 13:52:06.0238 5532 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/09 13:52:06.0265 5532 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/09 13:52:06.0324 5532 snapman (85bada660d57bc5aef52b11cabd6d8f9) C:\Windows\system32\DRIVERS\snapman.sys
2011/06/09 13:52:06.0376 5532 speedfan (9f70cd5edcc4efc48ae21e04fb03be9d) C:\Windows\system32\speedfan.sys
2011/06/09 13:52:06.0392 5532 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/09 13:52:06.0446 5532 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys
2011/06/09 13:52:06.0477 5532 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/09 13:52:06.0505 5532 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/09 13:52:06.0543 5532 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/09 13:52:06.0585 5532 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/06/09 13:52:06.0604 5532 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/06/09 13:52:06.0635 5532 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/06/09 13:52:06.0705 5532 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
2011/06/09 13:52:06.0751 5532 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/09 13:52:06.0799 5532 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/09 13:52:06.0820 5532 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/06/09 13:52:06.0857 5532 tdrpman273 (431801fcc97034e04a6eff81136578d7) C:\Windows\system32\DRIVERS\tdrpm273.sys
2011/06/09 13:52:06.0897 5532 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/06/09 13:52:06.0942 5532 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/09 13:52:06.0991 5532 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys
2011/06/09 13:52:07.0019 5532 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/06/09 13:52:07.0070 5532 timounter (a34d7024bb7140ec785c86bc065d4f60) C:\Windows\system32\DRIVERS\timntr.sys
2011/06/09 13:52:07.0113 5532 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/09 13:52:07.0154 5532 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/06/09 13:52:07.0213 5532 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/09 13:52:07.0341 5532 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/09 13:52:07.0382 5532 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/09 13:52:07.0431 5532 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/09 13:52:07.0467 5532 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/06/09 13:52:07.0499 5532 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/09 13:52:07.0537 5532 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/09 13:52:07.0578 5532 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/06/09 13:52:07.0600 5532 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/09 13:52:07.0628 5532 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
2011/06/09 13:52:07.0659 5532 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/09 13:52:07.0675 5532 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/09 13:52:07.0717 5532 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/06/09 13:52:07.0747 5532 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/09 13:52:07.0792 5532 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/09 13:52:07.0816 5532 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/06/09 13:52:07.0842 5532 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/09 13:52:07.0859 5532 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/09 13:52:07.0886 5532 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/06/09 13:52:07.0918 5532 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/06/09 13:52:07.0940 5532 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/09 13:52:07.0981 5532 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/06/09 13:52:08.0002 5532 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/06/09 13:52:08.0033 5532 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/06/09 13:52:08.0053 5532 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/06/09 13:52:08.0077 5532 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/09 13:52:08.0096 5532 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/06/09 13:52:08.0128 5532 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/09 13:52:08.0156 5532 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/06/09 13:52:08.0180 5532 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/09 13:52:08.0214 5532 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/06/09 13:52:08.0238 5532 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/09 13:52:08.0288 5532 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/09 13:52:08.0299 5532 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/09 13:52:08.0357 5532 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/06/09 13:52:08.0389 5532 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/09 13:52:08.0444 5532 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/09 13:52:08.0458 5532 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/09 13:52:08.0536 5532 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/09 13:52:08.0572 5532 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/09 13:52:08.0617 5532 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/06/09 13:52:08.0645 5532 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/09 13:52:08.0700 5532 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/09 13:52:08.0711 5532 MBR (0x1B8) (988ed281fd011a58dab7e4ae71ded8f5) \Device\Harddisk1\DR1
2011/06/09 13:52:08.0736 5532 MBR (0x1B8) (93d78f04cf0e934e3bcdb0e9c78bbb5b) \Device\Harddisk2\DR2
2011/06/09 13:52:08.0864 5532 ================================================================================
2011/06/09 13:52:08.0864 5532 Scan finished
2011/06/09 13:52:08.0864 5532 ================================================================================
2011/06/09 13:52:08.0879 4824 Detected object count: 0
2011/06/09 13:52:08.0879 4824 Actual detected object count: 0

Edited by metabesk, 09 June 2011 - 05:59 AM.
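A TDSSKiller log like the one above is long, and the entries worth a second look are easy to miss by eye. The following is an added example, not code from this thread or from TDSSKiller, that parses the log format into records and pulls out two things a responder triages first: drivers loaded from somewhere other than the standard driver directory, and hashes registered under more than one service name. The sample lines are copied from the log above; the filters are heuristics for review, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt: lines copied from the TDSSKiller log above, chosen to
# cover the three record shapes the parser must handle: a normal driver line,
# an MBR line (extra "(0x1B8)" token before the hash) and the summary lines
# at the end of the scan, which carry no hash and must be skipped.
SAMPLE_LOG = r"""
2011/06/09 13:52:00.0675 5532 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/06/09 13:52:02.0504 5532 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/06/09 13:52:05.0648 5532 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
2011/06/09 13:52:06.0705 5532 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
2011/06/09 13:52:06.0751 5532 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/09 13:52:08.0700 5532 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/09 13:52:08.0864 5532 ================================================================================
2011/06/09 13:52:08.0864 5532 Scan finished
2011/06/09 13:52:08.0879 4824 Detected object count: 0
"""

# timestamp  pid  service-name [ (0xNNN) ]  (md5)  path
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)

# Directory that Windows' own kernel-mode drivers normally live in (lower-case
# for a case-insensitive prefix check; the log mixes "drivers" and "DRIVERS").
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class Entry:
    timestamp: str
    pid: int
    name: str      # service name, or "MBR (0x1B8)" for a boot-record entry
    md5: str
    path: str
    kind: str      # "driver" or "mbr"


def parse_tdsskiller(text: str) -> List[Entry]:
    """Turn the hash lines of a TDSSKiller log into Entry records.

    Separator lines, "Scan finished" and the object-count summary carry no
    hash and are dropped rather than mis-parsed.
    """
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        name = m.group("name")
        entries.append(Entry(
            timestamp=m.group("ts"),
            pid=int(m.group("pid")),
            name=name,
            md5=m.group("md5"),
            path=m.group("path"),
            kind="mbr" if name.startswith("MBR") else "driver",
        ))
    return entries


def outside_driver_dir(entries: List[Entry]) -> List[Entry]:
    """Drivers loaded from anywhere other than system32\\drivers.

    A triage filter, not a verdict: utility and hardware drivers (overclocking
    tools, fan monitors) legitimately live elsewhere, but each such entry
    deserves a look at its publisher and hash.
    """
    return [e for e in entries
            if e.kind == "driver" and not e.path.lower().startswith(DRIVER_DIR)]


def shared_files(entries: List[Entry]) -> Dict[str, List[str]]:
    """Hashes registered under more than one service name.

    Several services backed by one file (Tcpip/TCPIP6 on tcpip.sys) is
    normal; grouping them just saves checking the same file twice.
    """
    by_md5: Dict[str, List[str]] = {}
    for e in entries:
        if e.kind == "driver":
            by_md5.setdefault(e.md5, []).append(e.name)
    return {h: names for h, names in by_md5.items() if len(names) > 1}


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    for e in outside_driver_dir(found):
        print(f"review: {e.name:<14} {e.md5}  {e.path}")
    for h, names in shared_files(found).items():
        print(f"shared: {h} -> {', '.join(names)}")
```

Feed the whole log to `parse_tdsskiller` and the MBR lines come out as their own `kind`, so disk-level checks can be reported separately from the driver list; the hashes in each flagged record are what you would look up against the vendor's published values or a file-reputation service.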


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:42 PM

Posted 09 June 2011 - 01:32 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: [image] <--XP
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
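When Log1.txt comes back, the questions it answers are which DNS servers the machine is configured with and whether the resolver that answered nslookup is one of them. The following is an added example, not code from this thread or from any tool mentioned in it, that parses a constructed Log1.txt (an ipconfig /all block, two nslookup answers and the start of a ping) and reports DNS servers that are not the default gateway, plus any lookup answered by a resolver ipconfig does not list. The "not the gateway" test is a review heuristic, since an ISP or public resolver is a perfectly normal second entry.

```python
import re
from typing import Any, Dict, List

# Constructed sample of the Log1.txt that router.bat writes: an "ipconfig /all"
# block, the two nslookup answers and the start of the ping output.  All
# addresses are documentation ranges, not real hosts.
SAMPLE_LOG1 = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-EXAMPLE
   Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled

Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    google.com
Addresses:  2001:db8::1
          198.51.100.10
          198.51.100.11

Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    yahoo.com
Address:  198.51.100.20

Pinging google.com [198.51.100.10] with 32 bytes of data:
Reply from 198.51.100.10: bytes=32 time=20ms TTL=55

Ping statistics for 198.51.100.10:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
"""

# ipconfig labels are indented a few spaces and padded with " . " leaders;
# continuation values (a second DNS server) are indented to the value column.
LABEL_RE = re.compile(r"^\s{1,4}(?P<label>[A-Za-z][^:]*?)[ .]*:\s*(?P<value>.*)$")


def ipconfig_fields(text: str) -> Dict[str, List[str]]:
    """Collect every ipconfig label with all of its values, across adapters."""
    fields: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        m = LABEL_RE.match(line)
        if m:
            current = m.group("label").strip()
            fields.setdefault(current, [])
            if m.group("value").strip():
                fields[current].append(m.group("value").strip())
        elif current and line.startswith(" " * 8) and line.strip():
            fields[current].append(line.strip())      # continuation value
        else:
            current = None                            # blank line or new section
    return fields


def dns_servers(text: str) -> List[str]:
    return ipconfig_fields(text).get("DNS Servers", [])


def default_gateways(text: str) -> List[str]:
    return ipconfig_fields(text).get("Default Gateway", [])


def dns_not_on_gateway(text: str) -> List[str]:
    """DNS servers that are not the default gateway (heuristic, for review).

    On a home network the router usually answers DNS, so any other entry is
    worth identifying: ISP resolver, public resolver, or something that
    should not be there.
    """
    gateways = set(default_gateways(text))
    return [s for s in dns_servers(text) if s not in gateways]


def parse_nslookup(text: str) -> List[Dict[str, Any]]:
    """Split nslookup output into records of resolver, name and answers.

    "Address:" appears twice per lookup: first for the resolver that was
    asked, then ("Address:" or "Addresses:" plus indented lines) for the
    answer.  A blank line ends an answer so the indented ping statistics
    that follow in Log1.txt are not absorbed into the last record.
    """
    records: List[Dict[str, Any]] = []
    cur = None
    mode = None                                  # "server" or "answer"
    for line in text.splitlines():
        if line.startswith("Server:"):
            cur = {"server": None, "name": None, "addresses": []}
            records.append(cur)
            mode = "server"
        elif cur is None:
            continue                             # still inside the ipconfig block
        elif not line.strip():
            if mode == "answer":
                mode = None
        elif line.startswith("Name:"):
            cur["name"] = line.split(":", 1)[1].strip()
            mode = "answer"
        elif line.startswith(("Address:", "Addresses:")):
            value = line.split(":", 1)[1].strip()
            if mode == "server":
                cur["server"] = value
            else:
                cur["addresses"].append(value)
        elif mode == "answer" and line[0].isspace():
            cur["addresses"].append(line.strip())
    return records


def resolver_not_configured(text: str) -> List[str]:
    """Names whose lookup was answered by a resolver ipconfig does not list."""
    configured = set(dns_servers(text))
    return [r["name"] for r in parse_nslookup(text) if r["server"] not in configured]


if __name__ == "__main__":
    print("DNS servers:", dns_servers(SAMPLE_LOG1))
    print("not the gateway:", dns_not_on_gateway(SAMPLE_LOG1))
    for rec in parse_nslookup(SAMPLE_LOG1):
        print(f"{rec['name']} via {rec['server']} -> {rec['addresses']}")
    print("answered by unlisted resolver:", resolver_not_configured(SAMPLE_LOG1))
```

Run it against a real Log1.txt by reading the file into a string in place of `SAMPLE_LOG1`; the resolved addresses for google.com and yahoo.com are then compared by hand against what the same names resolve to from a known-clean machine, which is the check this batch file is set up to support.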

#9 gringo_pr

Posted 12 June 2011 - 02:09 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#10 metabesk

metabesk
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 12 June 2011 - 10:33 AM

Thank you gringo, but the problem is solved, I think. Thanks again and sorry for not replying in time.

#11 gringo_pr

Posted 12 June 2011 - 12:40 PM

What was the problem and what did you do?


gringo

Edited by gringo_pr, 12 June 2011 - 12:41 PM.


#12 metabesk

Posted 13 June 2011 - 01:09 AM

I didn't do anything besides your instructions.

#13 gringo_pr

Posted 13 June 2011 - 01:33 AM

Hello

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.2
Java DB 10.6.2.1


and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 metabesk (Topic Starter)
Posted 13 June 2011 - 03:39 PM

mbam log:


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6850

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

13.06.2011 23:37:34
mbam-log-2011-06-13 (23-37-33).txt

Scan type: Quick scan
Objects scanned: 165282
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



hijackthis.log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:39:09, on 13.06.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
c:\program files\teamviewer\version6\TeamViewer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSS.exe
C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Babylon\Babylon-Pro\TC\BabylonTC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [RTSS] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSSWrapper.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1737519164-786193041-2530284834-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1737519164-786193041-2530284834-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {57CD0DF4-DACC-439D-9173-3F6A8EC3FFE3} (IPCamPluginMegaDM Control) - http://demircid.no-ip.org:10000/IPCamPluginMegaDM.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08E81028-9A9D-440B-9694-FFDF6B968628}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{70F77951-2DF9-4AF9-B131-6D94812120D1}: NameServer = 8.8.8.8
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 9507 bytes

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 13 June 2011 - 04:29 PM

Greetings

These logs are looking very good; we are almost done! Just one more scan to go.

Remove unneeded startup entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from its icon (or from the Control Panel) when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
      O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /T
      O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
      O4 - HKLM\..\Run: [RTSS] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSSWrapper.exe" /s
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
      O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-21-1737519164-786193041-2530284834-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-1737519164-786193041-2530284834-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • You may also find it here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
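Two things in the posts above lend themselves to a worked example: reading the HijackThis log in #14, and the optional startup clean-up with Fix Checked in #15. The Python below is an added example, not HijackThis code and not anything either poster ran. It expands the abbreviated O4 notation (HKLM\..\Run, HKUS\SID\..\Run, Startup:) into the full registry key and value name, emits the equivalent reg export and reg delete commands so the change can be reverted, and parses O16 (downloaded ActiveX control) lines, marking for review any control whose .cab was served by a host outside a small allowlist of vendor download hosts. The allowlist, the backup directory C:\HJT-backup and the "review" label are assumptions of this example; "review" means check that the owner installed it deliberately, not that it is malicious. The sample lines are copied from the log posted above.

```python
"""HijackThis O4/O16 lines -> records and reversible fix commands. Added example, not HijackThis code."""
import re
from dataclasses import dataclass
from typing import List, Optional, Union
from urllib.parse import urlsplit

# HijackThis abbreviates the hive and drops the constant middle of the key.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER", "HKUS": "HKEY_USERS"}
CURRENT_VERSION = r"Software\Microsoft\Windows\CurrentVersion"
# Standard per-user Startup folder on Windows 7, where "O4 - Startup:" shortcuts live.
USER_STARTUP = r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
# Assumed allowlist of hosts that routinely serve ActiveX controls; extend as needed.
KNOWN_DPF_HOSTS = {"fpdownload2.macromedia.com", "fpdownload.macromedia.com",
                   "java.sun.com", "download.microsoft.com"}

O4_REG_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS)(?:\\(?P<sid>S-1-5-[\d-]+))?\\\.\.\\"
    r"(?P<sub>Run|RunOnce|RunServices): \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O4_STARTUP_RE = re.compile(r"^O4 - Startup: (?P<link>.+?) = (?P<target>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\}) \((?P<desc>[^)]*)\) - (?P<url>\S+)$")


@dataclass
class RunEntry:
    key: str                    # full registry key behind the "HKLM\..\Run" shorthand
    name: str                   # value name, the text between the brackets
    command: str
    user: Optional[str] = None  # only present for HKUS entries

    def remove_cmd(self, backup_dir: str) -> str:
        # The value is what Fix Checked deletes; plan_fix exports the key beforehand.
        return f'reg delete "{self.key}" /v "{self.name}" /f'


@dataclass
class StartupEntry:
    link: str                   # shortcut file name in the Startup folder
    target: str

    def remove_cmd(self, backup_dir: str) -> str:
        # Move rather than delete so the shortcut can be put back.
        return f'move /Y "{USER_STARTUP}\\{self.link}" "{backup_dir}\\"'


@dataclass
class DpfEntry:
    clsid: str
    description: str
    url: str

    @property
    def host(self) -> str:
        return (urlsplit(self.url).hostname or "").lower()

    @property
    def needs_review(self) -> bool:
        # True when the .cab did not come from a recognised vendor host: a triage hint, not a verdict.
        return self.host not in KNOWN_DPF_HOSTS


def parse_o4(line: str) -> Optional[Union[RunEntry, StartupEntry]]:
    m = O4_REG_RE.match(line.strip())
    if m:
        root = HIVES[m["hive"]] + (f"\\{m['sid']}" if m["sid"] else "")
        return RunEntry(f"{root}\\{CURRENT_VERSION}\\{m['sub']}", m["name"], m["cmd"], m["user"])
    m = O4_STARTUP_RE.match(line.strip())
    return StartupEntry(m["link"], m["target"]) if m else None


def parse_o16(line: str) -> Optional[DpfEntry]:
    m = O16_RE.match(line.strip())
    return DpfEntry(m["clsid"], m["desc"], m["url"]) if m else None


def plan_fix(lines: List[str], backup_dir: str = r"C:\HJT-backup") -> List[str]:
    """cmd.exe commands equivalent to Fix Checked for the given O4 lines:
    export every touched key once, then remove the entries. Other lines are ignored."""
    entries = [e for e in map(parse_o4, lines) if e is not None]
    cmds = [f'mkdir "{backup_dir}"']
    for key in sorted({e.key for e in entries if isinstance(e, RunEntry)}):
        fname = key.replace("\\", "_") + ".reg"
        cmds.append(f'reg export "{key}" "{backup_dir}\\{fname}" /y')
    cmds.extend(e.remove_cmd(backup_dir) for e in entries)
    return cmds


# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_O4 = [
    r'O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"',
    r"O4 - HKUS\S-1-5-21-1737519164-786193041-2530284834-1004\..\Run: [Sidebar] "
    r"%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')",
    r"O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe",
]
SAMPLE_O16 = [
    "O16 - DPF: {57CD0DF4-DACC-439D-9173-3F6A8EC3FFE3} (IPCamPluginMegaDM Control) "
    "- http://demircid.no-ip.org:10000/IPCamPluginMegaDM.cab",
    "O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) "
    "- http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab",
]

if __name__ == "__main__":
    print("\n".join(plan_fix(SAMPLE_O4)))
    for d in filter(None, map(parse_o16, SAMPLE_O16)):
        print(("REVIEW  " if d.needs_review else "ok      ") + d.host + "  " + d.description)
```

Run it on a saved copy of the log and paste the printed commands into an elevated command prompt; the exported .reg files let you undo any single removal with a double-click. The HKUS entries resolve to HKEY_USERS\SID\..., which is why the two Sidebar lines in the log are different entries even though the value name is the same.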