hj_black

Everything posted by hj_black

  1. Made a restart and ESET still says there is a trojan http://www.bildites.lv/images/n8mlibp8koawie2k53m.jpg
  2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 2.9.1 (11.09.2012)
     OS: Windows 7 Ultimate x64
     Ran by HJ on 2012.11.10. at 9:59:51,11
     Blog: http://thisisudax.blogspot.com
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     ~~~ Files

     ~~~ Folders

     ~~~ FireFox

     Successfully deleted: [Folder] C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
     Successfully deleted: [File] C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\searchplugins\conduit.xml

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 2012.11.10. at 13:27:50,17
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2012-11-10 01:57:32
     # local_time=2012-11-10 03:57:32 (+0200, FLE Standard Time)
     # country="Latvia"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=5893 16776573 100 94 29597 104178262 0 0
     # compatibility_mode=8199 39157181 100 76 63278 70936762 0 0
     # scanned=213622
     # found=1
     # cleaned=1
     # scan_time=7439
     C:\Users\HJ\Downloads\GSA.EMail.Spider.5.30.INC.SERIAL-MKDEV.TEAM\email_spider.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  3. It's been a couple of hours http://www.bildites.lv/images/dopp6dp5n83l8xfa33j.jpg and nothing happened. How long does this scan take?
  4. ComboFix 12-11-08.01 - HJ 012.11.09. 1:43.2.2 - x64
     Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.2048.1030 [GMT 2:00]
     Running from: c:\users\HJ\Desktop\ComboFix.exe
     AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
     SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
     .
     .
     (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\HJ\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
     .
     .
     (((((((((((((((((((((((((   Files Created from 2012-10-09 to 2012-11-09   )))))))))))))))))))))))))))))))
     .
     .
     2012-11-09 00:17 . 2012-11-09 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-11-07 18:14 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2B52FE2-A4A3-486B-AEE4-646067FC7EB5}\mpengine.dll
     2012-11-06 19:10 . 2012-11-06 19:10 29552 ----a-w- c:\windows\system32\drivers\OlmarikFixer.sys
     2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\HJ\AppData\Local\Apps
     2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\HJ\AppData\Local\Deployment
     2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\users\HJ\AppData\Roaming\Malwarebytes
     2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\programdata\Malwarebytes
     2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2012-11-04 23:42 . 2012-11-04 23:42 -------- d-----w- c:\users\UpdatusUser
     2012-11-04 23:41 . 2012-11-09 00:19 -------- d-----w- c:\programdata\NVIDIA
     2012-11-04 23:40 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
     2012-11-04 23:40 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll
     2012-11-04 23:40 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe
     2012-11-04 23:40 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll
     2012-11-04 23:40 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
     2012-11-04 23:40 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll
     2012-11-04 23:40 . 2012-10-10 19:24 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
     2012-11-04 23:40 . 2012-10-10 19:23 60776 ----a-w- c:\windows\system32\OpenCL.dll
     2012-11-04 23:38 . 2012-11-04 23:38 -------- d-----w- c:\programdata\NVIDIA Corporation
     2012-11-04 23:38 . 2012-11-04 23:42 -------- d-----w- c:\program files\NVIDIA Corporation
     2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\lv-LV
     2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\SysWow64\wbem\lv-LV
     2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\SysWow64\drivers\lv-LV
     2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\system32\wbem\lv-LV
     2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\system32\drivers\lv-LV
     2012-11-04 23:01 . 2012-11-04 23:01 -------- d-----w- c:\users\HJ\AppData\Local\ElevatedDiagnostics
     2012-11-04 23:01 . 2012-11-04 23:01 -------- d-----w- c:\users\HJ\AppData\Local\Diagnostics
     2012-10-29 21:24 . 2012-10-29 21:24 -------- d-----w- c:\program files (x86)\EA Games
     2012-10-24 19:59 . 2012-10-24 19:59 -------- d-----w- C:\Games
     2012-10-10 19:23 . 2012-10-10 19:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
     2012-10-10 19:23 . 2012-10-10 19:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
     2012-10-10 19:23 . 2012-10-10 19:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
     2012-10-10 19:23 . 2012-10-10 19:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
     2012-10-10 19:23 . 2012-10-10 19:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
     2012-10-10 19:23 . 2012-10-10 19:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
     2012-10-10 19:23 . 2012-10-10 19:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll
     2012-10-10 19:23 . 2012-10-10 19:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
     2012-10-10 19:23 . 2012-10-10 19:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
     2012-10-10 19:23 . 2012-10-10 19:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
     2012-10-10 19:23 . 2012-10-10 19:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
     2012-10-10 19:22 . 2012-10-10 19:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
     2012-10-10 19:22 . 2012-10-10 19:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
     2012-10-10 19:22 . 2012-10-10 19:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
     2012-10-10 19:22 . 2012-10-10 19:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
     2012-10-10 19:22 . 2012-10-10 19:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
     2012-10-10 19:22 . 2012-10-10 19:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
     2012-10-10 19:22 . 2012-10-10 19:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
     2012-10-10 19:22 . 2012-10-10 19:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
     2012-10-10 16:32 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
     2012-10-10 16:32 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
     2012-10-10 16:32 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
     2012-10-10 16:32 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
     2012-10-10 16:32 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
     2012-10-10 16:32 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
     2012-10-10 16:32 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
     2012-10-10 16:32 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-10-10 19:23 . 2009-07-13 21:59 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
     2012-10-10 19:23 . 2009-07-13 21:59 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
     2012-10-09 19:14 . 2012-03-29 05:41 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-10-09 19:14 . 2011-05-18 16:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
     2012-09-27 22:18 . 2011-08-15 20:29 65309168 ----a-w- c:\windows\system32\MRT.exe
     2012-08-28 07:05 . 2012-09-03 18:53 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
     2012-08-28 07:04 . 2012-08-28 07:04 90112 ----a-w- c:\windows\MAMCityDownload.ocx
     2012-08-28 07:04 . 2012-08-28 07:04 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
     2012-08-28 07:04 . 2012-08-28 07:04 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
     2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
     2012-08-28 07:04 . 2012-08-28 07:04 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
     2012-08-28 07:04 . 2012-08-28 07:04 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
     2012-08-28 07:04 . 2012-08-28 07:04 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
     2012-08-28 07:04 . 2012-08-28 07:04 330240 ----a-w- c:\windows\MASetupCaller.dll
     2012-08-28 07:04 . 2012-08-28 07:04 30568 ----a-w- c:\windows\MusiccityDownload.exe
     2012-08-28 07:04 . 2012-08-28 07:04 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
     2012-08-28 07:04 . 2012-08-28 07:04 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
     2012-08-28 07:04 . 2012-08-28 07:04 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
     2012-08-28 07:04 . 2012-08-28 07:04 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
     2012-08-28 07:04 . 2012-08-28 07:04 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
     2012-08-28 07:04 . 2012-08-28 07:04 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
     2012-08-28 07:04 . 2012-09-03 18:52 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
     2012-08-28 07:04 . 2012-08-28 07:04 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
     2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
     2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
     2012-08-28 07:04 . 2012-08-28 07:04 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
     2012-08-28 07:04 . 2012-08-28 07:04 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
     2012-08-28 07:04 . 2012-08-28 07:04 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
     2012-08-28 07:04 . 2012-08-28 07:04 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
     2012-08-28 07:04 . 2012-08-28 07:04 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
     2012-08-28 07:04 . 2012-08-28 07:04 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
     2012-08-28 07:04 . 2012-08-28 07:04 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
     2012-08-28 07:04 . 2012-08-28 07:04 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
     2012-08-28 07:04 . 2012-08-28 07:04 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
     2012-08-28 07:04 . 2012-08-28 07:04 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
     2012-08-24 11:15 . 2012-09-22 08:17 17810944 ----a-w- c:\windows\system32\mshtml.dll
     2012-08-24 10:39 . 2012-09-22 08:17 10925568 ----a-w- c:\windows\system32\ieframe.dll
     2012-08-24 10:31 . 2012-09-22 08:17 2312704 ----a-w- c:\windows\system32\jscript9.dll
     2012-08-24 10:22 . 2012-09-22 08:17 1346048 ----a-w- c:\windows\system32\urlmon.dll
     2012-08-24 10:21 . 2012-09-22 08:17 1392128 ----a-w- c:\windows\system32\wininet.dll
     2012-08-24 10:20 . 2012-09-22 08:17 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
     2012-08-24 10:18 . 2012-09-22 08:18 237056 ----a-w- c:\windows\system32\url.dll
     2012-08-24 10:17 . 2012-09-22 08:17 85504 ----a-w- c:\windows\system32\jsproxy.dll
     2012-08-24 10:14 . 2012-09-22 08:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
     2012-08-24 10:14 . 2012-09-22 08:17 816640 ----a-w- c:\windows\system32\jscript.dll
     2012-08-24 10:13 . 2012-09-22 08:17 599040 ----a-w- c:\windows\system32\vbscript.dll
     2012-08-24 10:12 . 2012-09-22 08:17 2144768 ----a-w- c:\windows\system32\iertutil.dll
     2012-08-24 10:11 . 2012-09-22 08:17 729088 ----a-w- c:\windows\system32\msfeeds.dll
     2012-08-24 10:10 . 2012-09-22 08:18 96768 ----a-w- c:\windows\system32\mshtmled.dll
     2012-08-24 10:09 . 2012-09-22 08:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
     2012-08-24 10:04 . 2012-09-22 08:18 248320 ----a-w- c:\windows\system32\ieui.dll
     2012-08-24 06:59 . 2012-09-22 08:17 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
     2012-08-24 06:51 . 2012-09-22 08:17 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
     2012-08-24 06:51 . 2012-09-22 08:17 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
     2012-08-24 06:47 . 2012-09-22 08:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
     2012-08-24 06:47 . 2012-09-22 08:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
     2012-08-24 06:43 . 2012-09-22 08:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
     2012-08-22 18:12 . 2012-09-12 17:17 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2012-08-22 18:12 . 2012-09-12 17:17 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
     2012-08-22 18:12 . 2012-09-12 17:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys
     2012-08-22 18:12 . 2012-09-12 17:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
     2012-08-21 21:01 . 2012-09-25 18:56 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
     2012-08-20 17:38 . 2012-10-10 16:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
     .
     .
     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
     "googletalk"="c:\users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
     "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
     "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
     "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-31 964024]
     "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
     "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
     "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
     R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2012-06-27 36328]
     R3 OlmarikFixer;Olmarik fixer kernel-mode driver;c:\windows\system32\drivers\OlmarikFixer.sys [2012-11-06 29552]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
     R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]
     R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]
     R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]
     R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920]
     R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
     R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
     R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-11 1255736]
     S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-12 254528]
     S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
     S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
     S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]
     S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
     S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
     .
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:14]
     .
     2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 09:10]
     .
     2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 09:10]
     .
     2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000Core.job
     - c:\users\HJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16]
     .
     2012-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000UA.job
     - c:\users\HJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2916584]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
     mLocal Page = c:\windows\SysWOW64\blank.htm
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 85.254.184.1 85.254.184.2
     FF - ProfilePath - c:\users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\
     FF - prefs.js: browser.startup.homepage - about:home
     FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
     .
     - - - - ORPHANS REMOVED - - - -
     .
     URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
     WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
     AddRemove-Driver San Francisco - c:\driver san francisco\Uninstall\Uninstall.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
     .
     **************************************************************************
     .
     Completion time: 2012-11-09 02:40:48 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-11-09 00:40
     ComboFix2.txt 2012-11-06 01:29
     .
     Pre-Run: 359 770 533 888 bytes free
     Post-Run: 359 197 511 680 bytes free
     .
     - - End Of File - - 9457A5EC5B369A0BDAE5BED0D4F4A43D
  5. Malwarebytes Anti-Malware 1.65.1.1000
     www.malwarebytes.org

     Database version: v2012.11.08.09

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     HJ :: PC_BLACK [administrator]

     2012.11.08. 21:36:19
     mbam-log-2012-11-08 (21-36-19).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 228395
     Time elapsed: 4 minute(s), 9 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  6. I didn't manage to run either TDSSKiller or aswMBR. Double-click and nothing happens; it asks if I trust the application, I press yes and nothing.
  7. Attach
     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-07.01)
     .
     Microsoft Windows 7 Ultimate
     Boot Device: \Device\HarddiskVolume1
     Install Date: 2011.03.08. 22:25:34
     System Uptime: 2012.11.07. 20:11:19 (3 hours ago)
     .
     Motherboard: Biostar | | TF 570 SLI
     Processor: AMD Athlon 64 X2 Dual Core Processor 5600+ | Socket M2 | 2800/201mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 466 GiB total, 308,967 GiB free.
     D: is CDROM ()
     E: is Removable
     F: is Removable
     G: is Removable
     H: is Removable
     .
     ==== Disabled Device Manager Items =============
     .
     ==== System Restore Points ===================
     .
     RP176: 2012.11.05. 1:06:33 - Windows Update
     RP177: 2012.11.05. 1:16:57 - Windows Update
     RP178: 2012.11.05. 3:00:38 - Windows Update
     RP179: 2012.11.05. 4:45:40 - Windows Update
     RP180: 2012.11.05. 8:42:48 - Windows Update
     RP181: 2012.11.06. 7:59:16 - Removed Vegas Pro 11.0 (64-bit)
     RP182: 2012.11.06. 8:09:42 - Removed Vegas Pro 11.0 (64-bit)
     RP183: 2012.11.06. 8:12:58 - Removed Vegas Pro 11.0 (64-bit)
     RP184: 2012.11.06. 8:15:30 - Removed Skype Click to Call
     .
     ==== Installed Programs ======================
     .
     Update for Microsoft Office 2007 (KB2508958)
     Adobe Flash Player 11 ActiveX
     Adobe Flash Player 11 Plugin
     Adobe Reader X (10.1.0)
     CrazyGames.Lv Counter-Strike: Source v.75 Full [25.09.2012]
     DAEMON Tools Lite
     Driver San Francisco
     EasyBits GO
     ESET NOD32 Antivirus
     FileZilla Client 3.5.3
     Google Chrome
     Google Earth Plug-in
     Google Talk (remove only)
     Google Talk Plugin
     Google Update Helper
     Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
     Java Auto Updater
     Java 6 Update 26
     Malwarebytes Anti-Malware version 1.65.1.1000
     Microsoft .NET Framework 4 Client Profile
     Microsoft Games for Windows - LIVE Redistributable
     Microsoft Games for Windows Marketplace
     Microsoft Office 2007 Service Pack 3 (SP3)
     Microsoft Office Access MUI (English) 2007
     Microsoft Office Access Setup Metadata MUI (English) 2007
     Microsoft Office Enterprise 2007
     Microsoft Office Excel MUI (English) 2007
     Microsoft Office File Validation Add-In
     Microsoft Office Groove MUI (English) 2007
     Microsoft Office Groove Setup Metadata MUI (English) 2007
     Microsoft Office InfoPath MUI (English) 2007
     Microsoft Office Office 64-bit Components 2007
     Microsoft Office OneNote MUI (English) 2007
     Microsoft Office Outlook MUI (English) 2007
     Microsoft Office PowerPoint MUI (English) 2007
     Microsoft Office Proof (English) 2007
     Microsoft Office Proof (French) 2007
     Microsoft Office Proof (Spanish) 2007
     Microsoft Office Proofing (English) 2007
     Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
     Microsoft Office Publisher MUI (English) 2007
     Microsoft Office Shared 64-bit MUI (English) 2007
     Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
     Microsoft Office Shared MUI (English) 2007
     Microsoft Office Shared Setup Metadata MUI (English) 2007
     Microsoft Office Word MUI (English) 2007
     Microsoft Visual C++ 2005 Redistributable
     Microsoft Visual C++ 2005 Redistributable (x64)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
     Mozilla Firefox 16.0.2 (x86 lv)
     Mozilla Maintenance Service
     MSVCRT Redists
     Need for Speed Most Wanted
     Notepad++
     NVIDIA 3D Vision Driver 306.97
     NVIDIA Control Panel 306.97
     NVIDIA Graphics Driver 306.97
     NVIDIA Install Application
     NVIDIA PhysX
     NVIDIA Stereoscopic 3D Driver
     NVIDIA Update 1.10.8
     NVIDIA Update Components
     Octoshape add-in for Adobe Flash Player
     OpenAL
     Paint.NET v3.5.8
     PASW Statistics 18
     Samsung Kies
     SAMSUNG USB Driver for Mobile Phones
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
     Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
     Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
     Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
     Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
     Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
     Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
     Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
     Skype™ 5.10
     Ubisoft Game Launcher
     Update for 2007 Microsoft Office System (KB967642)
     Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
     Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
     Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
     Update for Microsoft Office 2007 Help for Common Features (KB963673)
     Update for Microsoft Office Access 2007 Help (KB963663)
     Update for Microsoft Office Excel 2007 Help (KB963678)
     Update for Microsoft Office Infopath 2007 Help (KB963662)
     Update for Microsoft Office OneNote 2007 Help (KB963670)
     Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
     Update for Microsoft Office Outlook 2007 Help (KB963677)
     Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
     Update for Microsoft Office Powerpoint 2007 Help (KB963669)
     Update for Microsoft Office Publisher 2007 Help (KB963667)
     Update for Microsoft Office Script Editor Help (KB963671)
     Update for Microsoft Office Word 2007 Help (KB963665)
     VLC media player 1.1.9
     Windows Live ID Sign-in Assistant
     Windows Media Player Firefox Plugin
     WinRAR 4.00 (64-bit)
     .
     ==== Event Viewer Messages From Past Week ========
     .
     2012.11.06. 3:04:34, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
     2012.11.06. 3:00:59, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
     2012.11.06. 22:01:49, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
     2012.11.06. 21:45:33, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
     2012.11.06. 21:45:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
     2012.11.06. 21:45:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
     2012.11.06. 21:45:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
     2012.11.06. 21:45:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
     2012.11.06. 21:45:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv spldr Wanarpv6
     2012.11.06. 21:38:48, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
     2012.11.06. 21:25:12, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
     2012.11.06. 21:24:41, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
     2012.11.06. 21:24:34, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
     2012.11.06. 21:24:18, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
     2012.11.06. 2:19:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
     2012.11.06. 0:30:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
     2012.11.06. 0:30:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
     2012.11.05. 3:24:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
     2012.11.05.
3:24:04, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2012.11.05. 21:56:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C} 2012.11.03. 14:05:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. 2012.11.01. 21:41:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service. 2012.10.31. 19:50:03, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:. . ==== End Of File =========================== DDS DDS (Ver_2012-11-07.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_26 Run by HJ at 23:36:27 on 2012-11-07 Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.2048.667 [GMT 2:00] . AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [googletalk] C:\Users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.254.184.1 85.254.184.2
TCP: Interfaces\{F3CBBDF6-07A1-46BC-BA76-4D334433A9F5} : DHCPNameServer = 85.254.184.1 85.254.184.2
TCP: Interfaces\{F83EFB94-6FEF-47C0-BCAC-B14161A3860B} : DHCPNameServer = 85.254.184.1 85.254.184.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\HJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-12 254528]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-7-29 168544]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-8-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-9-3 36328]
S3 OlmarikFixer;Olmarik fixer kernel-mode driver;C:\Windows\System32\drivers\OlmarikFixer.sys [2012-11-6 29552]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-14 20992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-9-3 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-9-3 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-9-3 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-9-3 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-14 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-12 1255736]
.
=============== Created Last 30 ================
.
2012-11-07 18:14:12 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2B52FE2-A4A3-486B-AEE4-646067FC7EB5}\mpengine.dll
2012-11-06 19:10:08 29552 ----a-w- C:\Windows\System32\drivers\OlmarikFixer.sys
2012-11-06 05:15:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-06 00:19:20 98816 ----a-w- C:\Windows\sed.exe
2012-11-06 00:19:20 256000 ----a-w- C:\Windows\PEV.exe
2012-11-06 00:19:20 208896 ----a-w- C:\Windows\MBR.exe
2012-11-06 00:18:06 -------- d-----w- C:\ComboFix
2012-11-05 22:30:01 -------- d-----w- C:\Users\HJ\AppData\Local\Apps
2012-11-05 22:30:00 -------- d-----w- C:\Users\HJ\AppData\Local\Deployment
2012-11-05 19:57:46 -------- d-----w- C:\Users\HJ\AppData\Roaming\Malwarebytes
2012-11-05 19:57:17 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-05 19:57:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-04 23:40:48 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-11-04 23:40:48 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-11-04 23:40:48 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-11-04 23:40:48 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-11-04 23:40:48 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-11-04 23:40:48 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-11-04 23:40:12 60776 ----a-w- C:\Windows\System32\OpenCL.dll
2012-11-04 23:40:12 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-11-04 23:38:53 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-11-04 23:38:38 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-11-04 23:30:26 -------- d-----w- C:\Windows\lv-LV
2012-11-04 23:30:17 -------- d-----w- C:\Windows\SysWow64\wbem\lv-LV
2012-11-04 23:30:17 -------- d-----w- C:\Windows\SysWow64\drivers\lv-LV
2012-11-04 23:30:11 -------- d-----w- C:\Windows\System32\wbem\lv-LV
2012-11-04 23:30:11 -------- d-----w- C:\Windows\System32\drivers\lv-LV
2012-11-04 23:19:44 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\scfilter.sys.mui
2012-11-04 23:19:08 3584 ----a-w- C:\Windows\System32\drivers\lv-LV\portcls.sys.mui
2012-11-04 23:19:08 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\serscan.sys.mui
2012-11-04 23:19:04 3072 ----a-w- C:\Windows\System32\drivers\lv-LV\ataport.sys.mui
2012-11-04 23:19:04 2048 ----a-w- C:\Windows\System32\drivers\lv-LV\amdide.sys.mui
2012-11-04 23:19:03 47616 ----a-w- C:\Windows\System32\drivers\lv-LV\tcpip.sys.mui
2012-11-04 23:18:33 3072 ----a-w- C:\Windows\System32\drivers\lv-LV\hidbth.sys.mui
2012-11-04 23:18:32 7168 ----a-w- C:\Windows\System32\drivers\lv-LV\bthport.sys.mui
2012-11-04 23:18:32 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\BTHUSB.SYS.mui
2012-11-04 23:18:32 2048 ----a-w- C:\Windows\System32\drivers\lv-LV\bthenum.sys.mui
2012-11-04 23:01:20 -------- d-----w- C:\Users\HJ\AppData\Local\ElevatedDiagnostics
2012-11-04 23:01:02 -------- d-----w- C:\Users\HJ\AppData\Local\Diagnostics
2012-10-29 21:24:26 -------- d-----w- C:\Program Files (x86)\EA Games
2012-10-26 21:04:59 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-10-26 21:04:59 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-10-26 21:04:59 116192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2012-10-26 21:04:58 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-26 21:04:58 261600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-10-26 21:04:58 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-10-24 19:59:20 -------- d-----w- C:\Games
2012-10-10 19:23:48 1867112 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2012-10-10 19:23:40 1482600 ----a-w- C:\Windows\System32\nvdispgenco64.dll
2012-10-10 19:23:38 6127464 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2012-10-10 19:23:38 2574696 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2012-10-10 19:23:34 25256296 ----a-w- C:\Windows\System32\nvcompiler.dll
2012-10-10 19:23:24 7414632 ----a-w- C:\Windows\System32\nvopencl.dll
2012-10-10 19:23:24 2731880 ----a-w- C:\Windows\System32\nvapi64.dll
2012-10-10 19:23:06 9146728 ----a-w- C:\Windows\System32\nvcuda.dll
2012-10-10 19:23:04 7697768 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2012-10-10 19:23:00 2218344 ----a-w- C:\Windows\System32\nvcuvenc.dll
2012-10-10 19:23:00 12501352 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-10-10 19:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-10 19:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-10 19:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-10 19:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-10 19:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-10 19:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-10 19:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-10 19:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-10 16:32:50 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 16:32:50 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 16:32:42 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 16:32:42 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 16:32:41 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 16:32:41 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 16:32:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 16:32:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-10-10 19:23:48 18252136 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-10-10 19:23:10 14922600 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-10-09 19:14:18 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 19:14:18 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-02 11:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-28 07:05:04 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 23:40:14,82 ===============
  8. This is when problems started - 2012-11-04 23:01:02 -------- d-----w- C:\Users\HJ\AppData\Local\Diagnostics
  9. Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2011.03.08. 22:25:34
System Uptime: 2012.11.07. 20:11:19 (0 hours ago)
.
Motherboard: Biostar | | TF 570 SLI
Processor: AMD Athlon 64 X2 Dual Core Processor 5600+ | Socket M2 | 980/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 309,111 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP176: 2012.11.05. 1:06:33 - Windows Update
RP177: 2012.11.05. 1:16:57 - Windows Update
RP178: 2012.11.05. 3:00:38 - Windows Update
RP179: 2012.11.05. 4:45:40 - Windows Update
RP180: 2012.11.05. 8:42:48 - Windows Update
RP181: 2012.11.06. 7:59:16 - Removed Vegas Pro 11.0 (64-bit)
RP182: 2012.11.06. 8:09:42 - Removed Vegas Pro 11.0 (64-bit)
RP183: 2012.11.06. 8:12:58 - Removed Vegas Pro 11.0 (64-bit)
RP184: 2012.11.06. 8:15:30 - Removed Skype Click to Call
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
µTorrent
CrazyGames.Lv Counter-Strike: Source v.75 Full [25.09.2012]
DAEMON Tools Lite
Driver San Francisco
EasyBits GO
ESET NOD32 Antivirus
FileZilla Client 3.5.3
Google Chrome
Google Earth Plug-in
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Java Auto Updater
Java 6 Update 26
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 16.0.2 (x86 lv)
Mozilla Maintenance Service
MSVCRT Redists
Need for Speed Most Wanted
Notepad++
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Octoshape add-in for Adobe Flash Player
OpenAL
Paint.NET v3.5.8
PASW Statistics 18
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype™ 5.10
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.9
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
WinRAR 4.00 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
2012.11.06. 3:04:34, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2012.11.06. 3:00:59, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2012.11.06. 22:01:49, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2012.11.06. 21:45:33, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2012.11.06. 21:45:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2012.11.06. 21:45:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2012.11.06. 21:45:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2012.11.06. 21:45:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2012.11.06. 21:45:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv spldr Wanarpv6
2012.11.06. 21:38:48, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2012.11.06. 21:25:12, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
2012.11.06. 21:24:41, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
2012.11.06. 21:24:34, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2012.11.06. 21:24:18, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
2012.11.06. 2:19:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
2012.11.06. 0:30:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
2012.11.06. 0:30:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
2012.11.05. 3:24:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
2012.11.05. 3:24:04, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2012.11.05. 21:56:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
2012.11.03. 14:05:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
2012.11.01. 21:41:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
2012.10.31. 19:50:03, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
.
==== End Of File ===========================
DDS
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_26
Run by HJ at 20:25:30 on 2012-11-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.2048.535 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\Samsung\Kies\Kies.exe C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253 uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [googletalk] C:\Users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [GrooveMonitor] "C:\Program Files 
(x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 85.254.184.1 85.254.184.2 TCP: Interfaces\{F3CBBDF6-07A1-46BC-BA76-4D334433A9F5} : DHCPNameServer = 85.254.184.1 85.254.184.2 TCP: Interfaces\{F83EFB94-6FEF-47C0-BCAC-B14161A3860B} : DHCPNameServer = 85.254.184.1 85.254.184.2 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-TB: DAEMON 
Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q= FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Users\HJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - 
plugin: C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll . ============= SERVICES / DRIVERS =============== . R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-12 254528] R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-7-29 168544] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-8-12 810144] R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-9-3 36328] S3 OlmarikFixer;Olmarik fixer kernel-mode driver;C:\Windows\System32\drivers\OlmarikFixer.sys [2012-11-6 29552] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-14 20992] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-9-3 157672] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-9-3 16872] S3 ssadmdm;SAMSUNG Android USB Modem 
Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-9-3 177640] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-9-3 146920] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-14 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-12 1255736] . =============== Created Last 30 ================ . 2012-11-07 18:14:12 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2B52FE2-A4A3-486B-AEE4-646067FC7EB5}\mpengine.dll 2012-11-06 19:10:08 29552 ----a-w- C:\Windows\System32\drivers\OlmarikFixer.sys 2012-11-06 05:15:33 -------- d-sh--w- C:\$RECYCLE.BIN 2012-11-06 00:19:20 98816 ----a-w- C:\Windows\sed.exe 2012-11-06 00:19:20 256000 ----a-w- C:\Windows\PEV.exe 2012-11-06 00:19:20 208896 ----a-w- C:\Windows\MBR.exe 2012-11-06 00:18:06 -------- d-----w- C:\ComboFix 2012-11-05 22:30:01 -------- d-----w- C:\Users\HJ\AppData\Local\Apps 2012-11-05 22:30:00 -------- d-----w- C:\Users\HJ\AppData\Local\Deployment 2012-11-05 19:57:46 -------- d-----w- C:\Users\HJ\AppData\Roaming\Malwarebytes 2012-11-05 19:57:17 -------- d-----w- C:\ProgramData\Malwarebytes 2012-11-05 19:57:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-04 23:40:48 891240 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-11-04 23:40:48 63336 ----a-w- C:\Windows\System32\nvshext.dll 2012-11-04 23:40:48 6200680 ----a-w- C:\Windows\System32\nvcpl.dll 2012-11-04 23:40:48 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-11-04 23:40:48 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll 2012-11-04 23:40:48 118120 ----a-w- C:\Windows\System32\nvmctray.dll 2012-11-04 23:40:12 60776 ----a-w- C:\Windows\System32\OpenCL.dll 2012-11-04 23:40:12 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2012-11-04 23:38:53 -------- d-----w- C:\ProgramData\NVIDIA Corporation 2012-11-04 23:38:38 -------- d-----w- C:\Program Files\NVIDIA Corporation 
2012-11-04 23:30:26 -------- d-----w- C:\Windows\lv-LV 2012-11-04 23:30:17 -------- d-----w- C:\Windows\SysWow64\wbem\lv-LV 2012-11-04 23:30:17 -------- d-----w- C:\Windows\SysWow64\drivers\lv-LV 2012-11-04 23:30:11 -------- d-----w- C:\Windows\System32\wbem\lv-LV 2012-11-04 23:30:11 -------- d-----w- C:\Windows\System32\drivers\lv-LV 2012-11-04 23:19:44 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\scfilter.sys.mui 2012-11-04 23:19:08 3584 ----a-w- C:\Windows\System32\drivers\lv-LV\portcls.sys.mui 2012-11-04 23:19:08 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\serscan.sys.mui 2012-11-04 23:19:04 3072 ----a-w- C:\Windows\System32\drivers\lv-LV\ataport.sys.mui 2012-11-04 23:19:04 2048 ----a-w- C:\Windows\System32\drivers\lv-LV\amdide.sys.mui 2012-11-04 23:19:03 47616 ----a-w- C:\Windows\System32\drivers\lv-LV\tcpip.sys.mui 2012-11-04 23:18:33 3072 ----a-w- C:\Windows\System32\drivers\lv-LV\hidbth.sys.mui 2012-11-04 23:18:32 7168 ----a-w- C:\Windows\System32\drivers\lv-LV\bthport.sys.mui 2012-11-04 23:18:32 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\BTHUSB.SYS.mui 2012-11-04 23:18:32 2048 ----a-w- C:\Windows\System32\drivers\lv-LV\bthenum.sys.mui 2012-11-04 23:01:20 -------- d-----w- C:\Users\HJ\AppData\Local\ElevatedDiagnostics 2012-11-04 23:01:02 -------- d-----w- C:\Users\HJ\AppData\Local\Diagnostics 2012-10-29 21:24:26 -------- d-----w- C:\Program Files (x86)\EA Games 2012-10-26 21:04:59 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll 2012-10-26 21:04:59 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll 2012-10-26 21:04:59 116192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe 2012-10-26 21:04:58 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll 2012-10-26 21:04:58 261600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll 2012-10-26 21:04:58 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll 2012-10-24 19:59:20 
-------- d-----w- C:\Games 2012-10-10 19:23:48 1867112 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll 2012-10-10 19:23:40 1482600 ----a-w- C:\Windows\System32\nvdispgenco64.dll 2012-10-10 19:23:38 6127464 ----a-w- C:\Windows\SysWow64\nvopencl.dll 2012-10-10 19:23:38 2574696 ----a-w- C:\Windows\SysWow64\nvcuvid.dll 2012-10-10 19:23:34 25256296 ----a-w- C:\Windows\System32\nvcompiler.dll 2012-10-10 19:23:24 7414632 ----a-w- C:\Windows\System32\nvopencl.dll 2012-10-10 19:23:24 2731880 ----a-w- C:\Windows\System32\nvapi64.dll 2012-10-10 19:23:06 9146728 ----a-w- C:\Windows\System32\nvcuda.dll 2012-10-10 19:23:04 7697768 ----a-w- C:\Windows\SysWow64\nvcuda.dll 2012-10-10 19:23:00 2218344 ----a-w- C:\Windows\System32\nvcuvenc.dll 2012-10-10 19:23:00 12501352 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll 2012-10-10 19:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll 2012-10-10 19:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll 2012-10-10 19:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll 2012-10-10 19:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll 2012-10-10 19:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll 2012-10-10 19:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll 2012-10-10 19:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys 2012-10-10 19:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll 2012-10-10 16:32:50 715776 ----a-w- C:\Windows\System32\kerberos.dll 2012-10-10 16:32:50 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll 2012-10-10 16:32:42 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2012-10-10 16:32:42 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-10-10 16:32:41 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-10-10 16:32:41 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-10-10 16:32:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-10-10 16:32:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ==================== Find3M ==================== . 
2012-10-10 19:23:48 18252136 ----a-w- C:\Windows\System32\nvd3dumx.dll 2012-10-10 19:23:10 14922600 ----a-w- C:\Windows\System32\nvwgf2umx.dll 2012-10-09 19:14:18 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 19:14:18 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-02 11:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-08-28 07:05:04 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll 2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-08-22 18:12:40 376688 ----a-w- 
C:\Windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 20:29:33,69 ===============
  10. Hi guys, I'm new here and my English is bad (sorry for that). Yesterday I got that nasty HardDriveDiagnostic malware.... Today I tried to follow the Remove Hard Drive Diagnostic uninstall guide and caught 4 malwares, but I did that in safe mode, because like others I have all my files and programs hidden and can't connect to the internet properly... After I ran the uninstall guide and deleted 4 malwares in the Malwarebytes program, my PC is still not functioning right and ESET says I'm having the Win32/Olmarik.TDL4 trojan in RAM... plz help, John. P.S. I'm running Win7 64-bit. I ran Remove Hard Drive Diagnostic (Uninstall Guide) till item 17; it found 4 malwares and I deleted them, but when I wanted to download unhide.exe after restart it still crashed IE (because Firefox cannot start) and ESET says that I have the Win32/Olmarik.TDL4 trojan in RAM... I downloaded TDSSKiller, but it's not running... ESET online scanner found 0 threats. On my head I ran ComboFix; it returned all items. I will try normal mode, because I managed to download files only in safe mode with networking... P.S. here's the ComboFix log:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "googletalk"="c:\users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-31 964024] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144] R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2012-06-27 36328] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-11 1255736] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-12 254528] . . Contents of the 'Scheduled Tasks' folder . 
2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:14] . 2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 09:10] . 2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 09:10] . 2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000Core.job - c:\users\HJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16] . 2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000UA.job - c:\users\HJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2916584] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 85.254.184.1 85.254.184.2 FF - ProfilePath - c:\users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q= . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe Wow6432Node-HKCU-Run-cDwQgxKRTfxQaqo.exe - c:\programdata\cDwQgxKRTfxQaqo.exe Wow6432Node-HKCU-Run-Q3IpIqj7q62U2a - c:\programdata\Q3IpIqj7q62U2a.exe WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-06 03:29:39
ComboFix-quarantined-files.txt 2012-11-06 01:29
.
Pre-Run: 76 918 349 824 bytes free
Post-Run: 77 407 498 240 bytes free
.
- - End Of File - - 54E226D2B2AE78D5C1420A34769C60A1

I ran unhide.exe and restarted the PC... (it seems like ComboFix worked and I got some files back...) but it seems not to be fine: the internet connection is very slow and the computer is working slowly...

It crashed the desktop gadgets http://www.bildites.lv/images/u72rf2t4v4i73yth1r0.jpg and crashed Windows Explorer http://www.bildites.lv/images/q12ufn2zyyivcuw33.jpg. I didn't manage to run either TDSSKiller or aswMBR; my PC froze. I did a manual restart with the button, and when it started it was still slow and ESET still shows the Olmarik trojan... It's crashing even when I'm trying to open a .jpg file http://www.bildites.lv/images/96wu4ururlams1r7ja6a.jpg