Hi,
My browsing is too slow, but I am getting good download speed in torrents. It is the same internet connection, but when I try on my laptop using Wi-Fi, the speed is pretty good. Kindly guide me to disinfect my system.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5111
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
11/14/2010 6:54:20 PM
mbam-log-2010-11-14 (18-54-20).txt
Scan type: Quick scan
Objects scanned: 140195
Time elapsed: 5 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
**********************************************************************|
DDS (Ver_10-10-21.02) - NTFSx86
Run by sri at 17:59:09.79 on Sun 11/14/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2163 [GMT 5.5:30]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe
E:\New folder\gmer.exe
E:\New folder\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = about:blank
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\sri\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download All By FlashGet3 - c:\users\sri\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download By FlashGet3 - c:\users\sri\appdata\roaming\flashgetbho\GetUrl.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: kuaiche.com\software
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - c:\users\sri\appdata\local\temp\f5tmp\urxvpn.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\users\sri\appdata\local\temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\sri\appdata\local\temp\ixp000.tmp\InstallerControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://inblrm04.tcs.com/dwa8W.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - c:\users\sri\appdata\local\temp\f5tmp\urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\sri\appdata\local\temp\f5tmp\urxhost.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\sri\appdata\roaming\mozilla\firefox\profiles\yd7m4oub.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\sri\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\sri\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-5-14 93312]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2010-9-30 71336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-27 304464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-11-10 2011944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-27 20952]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-27 38224]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpnwlh.sys [2010-1-26 34944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [2010-10-30 13952]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-28 1343400]
=============== Created Last 30 ================
2010-11-12 15:12:46 -------- d-----w- c:\users\sri\appdata\roaming\BITS
2010-11-12 15:12:45 -------- d-----w- c:\users\sri\appdata\roaming\FlashGet
2010-11-12 15:12:40 -------- d-----w- c:\users\sri\appdata\roaming\FlashGetBHO
2010-11-12 15:12:38 -------- d-----w- c:\program files\FlashGet Network
2010-11-12 13:49:39 -------- d-----w- c:\users\sri\appdata\roaming\DonationCoder
2010-11-12 13:49:35 -------- d-----w- c:\program files\WinPcap
2010-11-12 13:49:03 -------- d-----w- c:\program files\URLSnooper2
2010-11-12 13:49:03 -------- d-----w- c:\progra~2\DonationCoder
2010-11-12 12:58:56 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ee4859bc-26ec-443a-a815-66ec6fc04319}\mpengine.dll
2010-11-11 04:24:10 -------- d-----w- c:\users\sri\appdata\roaming\PDF Writer
2010-11-11 04:24:10 -------- d-----w- c:\users\sri\appdata\local\PDF Writer
2010-11-11 04:24:10 -------- d-----w- c:\progra~2\PDF Writer
2010-11-11 04:23:32 90624 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL
2010-11-11 04:21:36 227840 ----a-w- c:\windows\system32\bzFlRdr.dll
2010-11-11 04:21:36 103424 ----a-w- c:\windows\system32\bzDCT.dll
2010-11-11 04:21:36 -------- d-----w- c:\program files\common files\Bullzip
2010-11-11 04:21:35 135168 ----a-w- c:\windows\system32\bzpdfc.dll
2010-11-11 04:21:32 196096 ----a-w- c:\windows\system32\bzpdf.dll
2010-11-11 04:21:27 140288 ----a-w- c:\windows\system32\comdlg32.OCX
2010-11-11 04:21:27 -------- d-----w- c:\program files\Bullzip
2010-11-10 15:54:13 -------- d-----w- c:\program files\TeamViewer
2010-11-10 15:14:18 -------- d-----w- c:\users\sri\appdata\roaming\TeamViewer
2010-11-10 15:13:53 -------- d-----w- c:\program files\Garena
2010-11-10 15:13:37 -------- d-----w- c:\users\sri\temp
2010-11-10 14:58:12 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2010-11-10 14:58:12 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2010-11-09 17:34:37 -------- d-----w- c:\program files\Conduit
2010-11-09 17:34:32 -------- d-----w- c:\program files\ConduitEngine
2010-11-09 17:34:28 -------- d-----w- c:\program files\uTorrentBar
2010-11-09 17:34:26 -------- d-----w- C:\extensions
2010-11-09 17:33:22 -------- d-----w- c:\users\sri\appdata\roaming\UseNeXT
2010-11-09 17:33:14 -------- d-----w- c:\program files\UseNeXT
2010-11-09 17:32:59 -------- d-----w- c:\program files\uTorrent
2010-11-09 17:32:37 -------- d-----w- c:\users\sri\appdata\roaming\uTorrent
2010-11-09 16:17:15 -------- d-----w- c:\program files\Cheat Engine
2010-10-31 09:13:05 -------- d-----w- c:\users\sri\appdata\local\ESET
2010-10-31 08:11:16 -------- d-----w- c:\program files\GRETECH
2010-10-30 09:15:59 -------- d-----w- C:\Downloads
2010-10-30 07:27:14 13952 ----a-w- c:\windows\system32\drivers\urfltwlh.sys
2010-10-30 04:42:10 -------- d-----w- C:\Films
2010-10-29 16:45:46 -------- d-----w- c:\program files\ESET
2010-10-29 11:28:13 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-10-29 06:45:28 -------- d-----w- c:\users\sri\appdata\local\ElevatedDiagnostics
2010-10-28 17:25:58 -------- d-----w- c:\program files\VideoLAN
2010-10-28 16:19:26 -------- d-----w- c:\users\sri\appdata\roaming\My Battle for Middle-earth Files
2010-10-28 16:10:27 -------- d-----w- c:\program files\EA GAMES
2010-10-28 15:31:22 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2010-10-28 15:31:10 -------- d-----w- c:\users\sri\appdata\local\Adobe
2010-10-28 14:54:58 -------- d-----w- c:\program files\EA SPORTS
2010-10-28 14:22:43 -------- d-----w- c:\users\sri\appdata\roaming\IDM
2010-10-28 14:22:42 -------- d-----w- c:\users\sri\appdata\roaming\DMCache
2010-10-28 14:22:38 -------- d-----w- c:\program files\Internet Download Manager
2010-10-28 14:21:16 -------- d-----w- c:\program files\Ask.com
2010-10-28 14:08:57 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2010-10-28 14:08:57 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-10-28 14:06:40 -------- d-----w- c:\windows\PCHEALTH
2010-10-28 14:04:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-10-28 14:04:11 -------- d-----w- c:\users\sri\appdata\local\Microsoft Help
2010-10-28 13:57:41 -------- d-----w- c:\program files\PowerISO
2010-10-28 13:55:50 -------- d-----w- c:\program files\CCleaner
2010-10-28 13:21:22 -------- d-----w- c:\users\sri\appdata\local\LogMeIn Hamachi
2010-10-28 13:18:46 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-10-28 06:10:38 -------- d-----w- c:\windows\Panther
2010-10-27 18:34:52 -------- d-----w- c:\windows\system32\Wat
2010-10-27 18:25:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-27 17:57:39 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-10-27 17:56:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-27 17:56:16 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-27 17:56:16 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-27 17:56:16 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-27 17:56:16 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-27 17:49:49 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-27 17:49:04 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-27 17:49:03 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-27 17:47:56 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-27 17:47:55 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-10-27 17:46:39 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-10-27 17:46:39 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-10-27 17:46:39 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-10-27 17:46:35 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-10-27 17:43:56 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-10-27 17:43:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-27 17:43:56 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-10-27 17:43:51 132608 ----a-w- c:\windows\system32\cabview.dll
2010-10-27 17:43:39 -------- d-----w- c:\users\sri\appdata\roaming\Malwarebytes
2010-10-27 17:43:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 17:43:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-27 17:43:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-27 17:43:28 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-27 17:35:18 -------- d-----w- c:\program files\Show Desktop
2010-10-27 17:29:20 -------- d-----w- c:\users\sri\appdata\local\SRS Labs
2010-10-27 17:27:20 -------- d-----w- c:\progra~2\SRS Labs
2010-10-27 17:26:53 -------- d-----w- c:\program files\SRS Labs
2010-10-27 17:25:53 -------- d-----w- c:\program files\NVIDIA Corporation
2010-10-27 17:24:30 -------- d-----w- c:\windows\system32\AGEIA
2010-10-27 17:24:05 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-10-27 17:23:27 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-10-27 17:23:03 485920 ----a-w- c:\windows\system32\nvudisp.exe
2010-10-27 17:16:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-27 17:05:57 53248 ----a-w- c:\windows\system32\IASBB.dll
2010-10-27 17:05:57 40960 ----a-w- c:\windows\system32\SFIMLARK.dll
2010-10-27 17:05:57 274432 ----a-w- c:\windows\system32\IASDLL.dll
2010-10-27 17:05:53 -------- d-----w- c:\program files\Intel Audio Studio 2.7
2010-10-27 17:05:19 212992 ----a-w- c:\windows\system32\stacsv.exe
2010-10-27 17:05:18 -------- d-----w- c:\progra~2\SonicFocus
2010-10-27 17:04:32 146944 ----a-w- c:\windows\system32\staco.dll
2010-10-27 17:03:45 356352 ----a-w- c:\windows\system32\drivers\stwrt.sys
2010-10-27 17:03:43 69632 ----a-w- c:\windows\system32\SFFXCPStr.dll
2010-10-27 17:03:43 69120 ----a-w- c:\windows\system32\SFFXSAPO.dll
2010-10-27 17:03:43 69120 ----a-w- c:\windows\system32\SFFXHAPO.dll
2010-10-27 17:03:43 69120 ----a-w- c:\windows\system32\SFFXDAPO.dll
2010-10-27 17:03:43 58368 ----a-w- c:\windows\system32\SFFXComm.dll
2010-10-27 17:03:43 379392 ----a-w- c:\windows\system32\stapi32.dll
2010-10-27 17:03:43 208896 ----a-w- c:\windows\system32\SFFXProc.dll
2010-10-27 17:03:43 156672 ----a-w- c:\windows\system32\SFFXCPBL.dll
2010-10-27 17:03:41 -------- d-----w- c:\program files\IDT
2010-10-27 17:02:37 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll
2010-10-27 17:02:37 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll
2010-10-27 17:02:37 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe
2010-10-27 17:02:37 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2010-10-27 17:02:37 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll
2010-10-27 17:02:37 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll
2010-10-27 17:02:37 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll
2010-10-27 17:02:36 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll
2010-10-27 17:01:51 -------- d-----w- c:\users\sri\appdata\local\Google
2010-10-27 17:01:37 -------- d-----w- c:\users\sri\appdata\local\Deployment
2010-10-27 17:01:37 -------- d-----w- c:\users\sri\appdata\local\Apps
2010-10-27 17:00:41 -------- d-----w- c:\windows\system32\wbem\Performance
2010-10-27 17:00:29 -------- d-sh--w- c:\windows\Installer
==================== Find3M ====================
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
============= FINISH: 18:00:07.05 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-10-21.02)
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/27/2010 10:27:18 PM
System Uptime: 11/14/2010 9:50:15 AM (9 hours ago)
Motherboard: Intel Corporation | | D945GCL
Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz | | 1800/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 40 GiB total, 2.141 GiB free.
D: is FIXED (NTFS) - 40 GiB total, 1.219 GiB free.
E: is FIXED (NTFS) - 69 GiB total, 0.075 GiB free.
F: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Ask Toolbar
Bullzip PDF Printer 7.1.0.1218
CCleaner
Cheat Engine 5.6.1
Conduit Engine
ESET NOD32 Antivirus
FIFA 07
FlashGet 3.3
Garena 2010
GOM Player
Google Chrome
GPL Ghostscript Lite 8.70
IDT Audio
Intel Audio Studio 2.7
Internet Download Manager
Java Auto Updater
Java(TM) 6 Update 22
LogMeIn Hamachi
Malwarebytes' Anti-Malware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Mozilla Firefox (3.6.12)
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OGA Notifier 2.0.0048.0
PowerISO
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Show Desktop
SRS Audio Sandbox
TeamViewer 5
The Battle for Middle-earth (tm)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2443839)
URL Snooper v2.28.01
UseNeXT
uTorrentBar Toolbar
VLC media player 1.1.4
WinPcap 4.1.1
WinRAR archiver
==== Event Viewer Messages From Past Week ========
11/14/2010 9:41:22 AM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
11/14/2010 9:41:21 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: The 2007 Microsoft Office Suite Service Pack 2 (SP2).
11/14/2010 9:18:50 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
11/14/2010 5:57:54 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 4:54:34 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ULTIMATE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{026D91F7-A64B-4CDE-8755-A306E3. The master browser is stopping or an election is being forced.
11/14/2010 1:53:34 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/12/2010 8:47:50 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PEGASO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{66B62F15-F86F-4ECA-9B62-2AE1F97EE8C. The master browser is stopping or an election is being forced.
11/10/2010 8:44:12 PM, Error: Service Control Manager [7030] - The TeamViewer 3 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/10/2010 11:30:34 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
==== End Of File ===========================
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-14 18:41:01
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\sri\AppData\Local\Temp\uwldypow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82854599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82878F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 1.0.15 ----
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtCreateFile + 6 77BA4A36 4 Bytes [28, 00, 17, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtCreateFile + B 77BA4A3B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtMapViewOfSection + 6 77BA5096 1 Byte [28]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtMapViewOfSection + 6 77BA5096 4 Bytes [28, 03, 17, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtMapViewOfSection + B 77BA509B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtOpenFile + 6 77BA5146 4 Bytes [68, 00, 17, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtOpenFile + B 77BA514B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtOpenProcess + 6 77BA51F6 4 Bytes [A8, 01, 17, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtOpenProcess + B 77BA51FB 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtOpenProcessToken + 6 77BA5206 4 Bytes CALL 76BA690C
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtOpenProcessToken + B 77BA520B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtOpenProcessTokenEx + 6 77BA5216 4 Bytes [A8, 02, 17, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtOpenProcessTokenEx + B 77BA521B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtOpenThread + 6 77BA5276 4 Bytes [68, 01, 17, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtOpenThread + B 77BA527B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtOpenThreadToken + 6 77BA5286 4 Bytes [68, 02, 17, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtOpenThreadToken + B 77BA528B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtOpenThreadTokenEx + 6 77BA5296 4 Bytes CALL 76BA699D
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtOpenThreadTokenEx + B 77BA529B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtQueryAttributesFile + 6 77BA53A6 4 Bytes [A8, 00, 17, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtQueryAttributesFile + B 77BA53AB 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtQueryFullAttributesFile + 6 77BA5456 4 Bytes CALL 76BA6B5B
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtQueryFullAttributesFile + B 77BA545B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtSetInformationFile + 6 77BA5AA6 4 Bytes [28, 01, 17, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtSetInformationFile + B 77BA5AAB 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtSetInformationThread + 6 77BA5B06 4 Bytes [28, 02, 17, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtSetInformationThread + B 77BA5B0B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtUnmapViewOfSection + 6 77BA5E26 1 Byte [68]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtUnmapViewOfSection + 6 77BA5E26 4 Bytes [68, 03, 17, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[188] ntdll.dll!NtUnmapViewOfSection + B 77BA5E2B 1 Byte [E2]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1784] kernel32.dll!SetUnhandledExceptionFilter 76773162 4 Bytes [C2, 04, 00, 00]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\System32\rundll32.exe[2052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C05E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C05E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C05E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C05E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Thanks
srini