Posts posted by hj_black
-
Nothing changed.

The internet is still slow and the PC is still crashing.
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.9.1 (11.09.2012)
OS: Windows 7 Ultimate x64
Ran by HJ on 2012.11.10. at 9:59:51,11
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [Folder] C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [File] C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\searchplugins\conduit.xml
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2012.11.10. at 13:27:50,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-10 01:57:32
# local_time=2012-11-10 03:57:32 (+0200, FLE Standard Time)
# country="Latvia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 29597 104178262 0 0
# compatibility_mode=8199 39157181 100 76 63278 70936762 0 0
# scanned=213622
# found=1
# cleaned=1
# scan_time=7439
C:\Users\HJ\Downloads\GSA.EMail.Spider.5.30.INC.SERIAL-MKDEV.TEAM\email_spider.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
-
It's been running for a couple of hours (http://www.bildites.lv/images/dopp6dp5n83l8xfa33j.jpg)
and nothing has happened. How long does this scan take?
-
ComboFix 12-11-08.01 - HJ 012.11.09. 1:43.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.2048.1030 [GMT 2:00]
Running from: c:\users\HJ\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HJ\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-09 00:17 . 2012-11-09 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-07 18:14 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2B52FE2-A4A3-486B-AEE4-646067FC7EB5}\mpengine.dll
2012-11-06 19:10 . 2012-11-06 19:10 29552 ----a-w- c:\windows\system32\drivers\OlmarikFixer.sys
2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\HJ\AppData\Local\Apps
2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\HJ\AppData\Local\Deployment
2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\users\HJ\AppData\Roaming\Malwarebytes
2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\programdata\Malwarebytes
2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-04 23:42 . 2012-11-04 23:42 -------- d-----w- c:\users\UpdatusUser
2012-11-04 23:41 . 2012-11-09 00:19 -------- d-----w- c:\programdata\NVIDIA
2012-11-04 23:40 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-11-04 23:40 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-11-04 23:40 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-11-04 23:40 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-11-04 23:40 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-04 23:40 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-11-04 23:40 . 2012-10-10 19:24 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-11-04 23:40 . 2012-10-10 19:23 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-11-04 23:38 . 2012-11-04 23:38 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-11-04 23:38 . 2012-11-04 23:42 -------- d-----w- c:\program files\NVIDIA Corporation
2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\lv-LV
2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\SysWow64\wbem\lv-LV
2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\SysWow64\drivers\lv-LV
2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\system32\wbem\lv-LV
2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\system32\drivers\lv-LV
2012-11-04 23:01 . 2012-11-04 23:01 -------- d-----w- c:\users\HJ\AppData\Local\ElevatedDiagnostics
2012-11-04 23:01 . 2012-11-04 23:01 -------- d-----w- c:\users\HJ\AppData\Local\Diagnostics
2012-10-29 21:24 . 2012-10-29 21:24 -------- d-----w- c:\program files (x86)\EA Games
2012-10-24 19:59 . 2012-10-24 19:59 -------- d-----w- C:\Games
2012-10-10 19:23 . 2012-10-10 19:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 19:23 . 2012-10-10 19:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 19:23 . 2012-10-10 19:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 19:23 . 2012-10-10 19:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 19:23 . 2012-10-10 19:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 19:23 . 2012-10-10 19:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 19:23 . 2012-10-10 19:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 19:23 . 2012-10-10 19:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 19:23 . 2012-10-10 19:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 19:23 . 2012-10-10 19:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 19:23 . 2012-10-10 19:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 19:22 . 2012-10-10 19:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 19:22 . 2012-10-10 19:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 19:22 . 2012-10-10 19:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 19:22 . 2012-10-10 19:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 19:22 . 2012-10-10 19:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 19:22 . 2012-10-10 19:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 19:22 . 2012-10-10 19:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 19:22 . 2012-10-10 19:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-10 16:32 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 16:32 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 16:32 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 16:32 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 16:32 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 16:32 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 16:32 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 16:32 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 19:23 . 2009-07-13 21:59 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 19:23 . 2009-07-13 21:59 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-09 19:14 . 2012-03-29 05:41 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 19:14 . 2011-05-18 16:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-27 22:18 . 2011-08-15 20:29 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-28 07:05 . 2012-09-03 18:53 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-08-28 07:04 . 2012-08-28 07:04 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-08-28 07:04 . 2012-08-28 07:04 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-08-28 07:04 . 2012-08-28 07:04 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-08-28 07:04 . 2012-08-28 07:04 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-08-28 07:04 . 2012-08-28 07:04 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-08-28 07:04 . 2012-08-28 07:04 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-08-28 07:04 . 2012-08-28 07:04 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-08-28 07:04 . 2012-08-28 07:04 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-08-28 07:04 . 2012-08-28 07:04 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-08-28 07:04 . 2012-08-28 07:04 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-08-28 07:04 . 2012-08-28 07:04 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-08-28 07:04 . 2012-08-28 07:04 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-08-28 07:04 . 2012-08-28 07:04 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-08-28 07:04 . 2012-08-28 07:04 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-08-28 07:04 . 2012-09-03 18:52 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-08-28 07:04 . 2012-08-28 07:04 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-08-28 07:04 . 2012-08-28 07:04 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-08-28 07:04 . 2012-08-28 07:04 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-08-28 07:04 . 2012-08-28 07:04 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-08-28 07:04 . 2012-08-28 07:04 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-08-28 07:04 . 2012-08-28 07:04 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-08-28 07:04 . 2012-08-28 07:04 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-08-28 07:04 . 2012-08-28 07:04 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-08-28 07:04 . 2012-08-28 07:04 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-08-28 07:04 . 2012-08-28 07:04 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-08-28 07:04 . 2012-08-28 07:04 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-08-24 11:15 . 2012-09-22 08:17 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 08:17 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 08:17 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 08:17 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 08:17 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 08:17 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 08:18 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 08:17 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 08:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 08:17 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 08:17 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 08:17 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 08:17 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 08:18 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 08:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 08:18 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 08:17 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 08:17 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 08:17 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 08:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 08:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 08:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 17:17 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 17:17 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 17:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 17:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 18:56 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 16:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"googletalk"="c:\users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-31 964024]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2012-06-27 36328]
R3 OlmarikFixer;Olmarik fixer kernel-mode driver;c:\windows\system32\drivers\OlmarikFixer.sys [2012-11-06 29552]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-11 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-12 254528]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:14]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 09:10]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 09:10]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000Core.job
- c:\users\HJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000UA.job
- c:\users\HJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2916584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 85.254.184.1 85.254.184.2
FF - ProfilePath - c:\users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-Driver San Francisco - c:\driver san francisco\Uninstall\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-11-09 02:40:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-09 00:40
ComboFix2.txt 2012-11-06 01:29
.
Pre-Run: 359 770 533 888 bytes free
Post-Run: 359 197 511 680 bytes free
.
- - End Of File - - 9457A5EC5B369A0BDAE5BED0D4F4A43D
-
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.08.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HJ :: PC_BLACK [administrator]
2012.11.08. 21:36:19
mbam-log-2012-11-08 (21-36-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228395
Time elapsed: 4 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
I didn't manage to run either TDSSKiller or aswMBR.
I double-click and nothing happens; it asks if I trust the application, I press yes, and nothing.
-
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2011.03.08. 22:25:34
System Uptime: 2012.11.07. 20:11:19 (3 hours ago)
.
Motherboard: Biostar | | TF 570 SLI
Processor: AMD Athlon 64 X2 Dual Core Processor 5600+ | Socket M2 | 2800/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 308,967 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP176: 2012.11.05. 1:06:33 - Windows Update
RP177: 2012.11.05. 1:16:57 - Windows Update
RP178: 2012.11.05. 3:00:38 - Windows Update
RP179: 2012.11.05. 4:45:40 - Windows Update
RP180: 2012.11.05. 8:42:48 - Windows Update
RP181: 2012.11.06. 7:59:16 - Removed Vegas Pro 11.0 (64-bit)
RP182: 2012.11.06. 8:09:42 - Removed Vegas Pro 11.0 (64-bit)
RP183: 2012.11.06. 8:12:58 - Removed Vegas Pro 11.0 (64-bit)
RP184: 2012.11.06. 8:15:30 - Removed Skype Click to Call
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
CrazyGames.Lv Counter-Strike: Source v.75 Full [25.09.2012]
DAEMON Tools Lite
Driver San Francisco
EasyBits GO
ESET NOD32 Antivirus
FileZilla Client 3.5.3
Google Chrome
Google Earth Plug-in
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Java Auto Updater
Java 6 Update 26
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 16.0.2 (x86 lv)
Mozilla Maintenance Service
MSVCRT Redists
Need for Speed Most Wanted
Notepad++
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Octoshape add-in for Adobe Flash Player
OpenAL
Paint.NET v3.5.8
PASW Statistics 18
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype™ 5.10
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.9
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
WinRAR 4.00 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
2012.11.06. 3:04:34, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2012.11.06. 3:00:59, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2012.11.06. 22:01:49, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2012.11.06. 21:45:33, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2012.11.06. 21:45:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2012.11.06. 21:45:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2012.11.06. 21:45:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2012.11.06. 21:45:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2012.11.06. 21:45:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv spldr Wanarpv6
2012.11.06. 21:38:48, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2012.11.06. 21:25:12, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
2012.11.06. 21:24:41, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
2012.11.06. 21:24:34, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2012.11.06. 21:24:18, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
2012.11.06. 2:19:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
2012.11.06. 0:30:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
2012.11.06. 0:30:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
2012.11.05. 3:24:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
2012.11.05. 3:24:04, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2012.11.05. 21:56:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
2012.11.03. 14:05:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
2012.11.01. 21:41:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
2012.10.31. 19:50:03, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
.
==== End Of File ===========================
DDS
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_26
Run by HJ at 23:36:27 on 2012-11-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.2048.667 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [googletalk] C:\Users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.254.184.1 85.254.184.2
TCP: Interfaces\{F3CBBDF6-07A1-46BC-BA76-4D334433A9F5} : DHCPNameServer = 85.254.184.1 85.254.184.2
TCP: Interfaces\{F83EFB94-6FEF-47C0-BCAC-B14161A3860B} : DHCPNameServer = 85.254.184.1 85.254.184.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\HJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-12 254528]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-7-29 168544]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-8-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-9-3 36328]
S3 OlmarikFixer;Olmarik fixer kernel-mode driver;C:\Windows\System32\drivers\OlmarikFixer.sys [2012-11-6 29552]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-14 20992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-9-3 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-9-3 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-9-3 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-9-3 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-14 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-12 1255736]
.
=============== Created Last 30 ================
.
2012-11-07 18:14:12 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2B52FE2-A4A3-486B-AEE4-646067FC7EB5}\mpengine.dll
2012-11-06 19:10:08 29552 ----a-w- C:\Windows\System32\drivers\OlmarikFixer.sys
2012-11-06 05:15:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-06 00:19:20 98816 ----a-w- C:\Windows\sed.exe
2012-11-06 00:19:20 256000 ----a-w- C:\Windows\PEV.exe
2012-11-06 00:19:20 208896 ----a-w- C:\Windows\MBR.exe
2012-11-06 00:18:06 -------- d-----w- C:\ComboFix
2012-11-05 22:30:01 -------- d-----w- C:\Users\HJ\AppData\Local\Apps
2012-11-05 22:30:00 -------- d-----w- C:\Users\HJ\AppData\Local\Deployment
2012-11-05 19:57:46 -------- d-----w- C:\Users\HJ\AppData\Roaming\Malwarebytes
2012-11-05 19:57:17 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-05 19:57:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-04 23:40:48 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-11-04 23:40:48 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-11-04 23:40:48 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-11-04 23:40:48 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-11-04 23:40:48 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-11-04 23:40:48 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-11-04 23:40:12 60776 ----a-w- C:\Windows\System32\OpenCL.dll
2012-11-04 23:40:12 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-11-04 23:38:53 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-11-04 23:38:38 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-11-04 23:30:26 -------- d-----w- C:\Windows\lv-LV
2012-11-04 23:30:17 -------- d-----w- C:\Windows\SysWow64\wbem\lv-LV
2012-11-04 23:30:17 -------- d-----w- C:\Windows\SysWow64\drivers\lv-LV
2012-11-04 23:30:11 -------- d-----w- C:\Windows\System32\wbem\lv-LV
2012-11-04 23:30:11 -------- d-----w- C:\Windows\System32\drivers\lv-LV
2012-11-04 23:19:44 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\scfilter.sys.mui
2012-11-04 23:19:08 3584 ----a-w- C:\Windows\System32\drivers\lv-LV\portcls.sys.mui
2012-11-04 23:19:08 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\serscan.sys.mui
2012-11-04 23:19:04 3072 ----a-w- C:\Windows\System32\drivers\lv-LV\ataport.sys.mui
2012-11-04 23:19:04 2048 ----a-w- C:\Windows\System32\drivers\lv-LV\amdide.sys.mui
2012-11-04 23:19:03 47616 ----a-w- C:\Windows\System32\drivers\lv-LV\tcpip.sys.mui
2012-11-04 23:18:33 3072 ----a-w- C:\Windows\System32\drivers\lv-LV\hidbth.sys.mui
2012-11-04 23:18:32 7168 ----a-w- C:\Windows\System32\drivers\lv-LV\bthport.sys.mui
2012-11-04 23:18:32 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\BTHUSB.SYS.mui
2012-11-04 23:18:32 2048 ----a-w- C:\Windows\System32\drivers\lv-LV\bthenum.sys.mui
2012-11-04 23:01:20 -------- d-----w- C:\Users\HJ\AppData\Local\ElevatedDiagnostics
2012-11-04 23:01:02 -------- d-----w- C:\Users\HJ\AppData\Local\Diagnostics
2012-10-29 21:24:26 -------- d-----w- C:\Program Files (x86)\EA Games
2012-10-26 21:04:59 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-10-26 21:04:59 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-10-26 21:04:59 116192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2012-10-26 21:04:58 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-26 21:04:58 261600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-10-26 21:04:58 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-10-24 19:59:20 -------- d-----w- C:\Games
2012-10-10 19:23:48 1867112 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2012-10-10 19:23:40 1482600 ----a-w- C:\Windows\System32\nvdispgenco64.dll
2012-10-10 19:23:38 6127464 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2012-10-10 19:23:38 2574696 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2012-10-10 19:23:34 25256296 ----a-w- C:\Windows\System32\nvcompiler.dll
2012-10-10 19:23:24 7414632 ----a-w- C:\Windows\System32\nvopencl.dll
2012-10-10 19:23:24 2731880 ----a-w- C:\Windows\System32\nvapi64.dll
2012-10-10 19:23:06 9146728 ----a-w- C:\Windows\System32\nvcuda.dll
2012-10-10 19:23:04 7697768 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2012-10-10 19:23:00 2218344 ----a-w- C:\Windows\System32\nvcuvenc.dll
2012-10-10 19:23:00 12501352 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-10-10 19:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-10 19:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-10 19:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-10 19:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-10 19:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-10 19:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-10 19:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-10 19:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-10 16:32:50 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 16:32:50 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 16:32:42 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 16:32:42 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 16:32:41 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 16:32:41 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 16:32:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 16:32:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-10-10 19:23:48 18252136 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-10-10 19:23:10 14922600 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-10-09 19:14:18 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 19:14:18 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-02 11:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-28 07:05:04 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 23:40:14,82 ===============
-
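Added example, not part of hj_black's posts and not code from the DDS tool: a small Python triage script that reads a DDS.txt log laid out like the one above and pulls out the things a helper reads first. It flags browser settings that point at a known search hijacker (the Conduit start page and Firefox keyword.URL in this log), lists the entries DDS marked <orphaned> (the URLSearchHook and WebCheck leftovers), lists kernel drivers created in the last 30 days, and extracts the DNS servers so they can be compared with what the ISP actually hands out. The embedded sample is a constructed excerpt of the lines posted above; the section titles it keys on are taken from this log's layout, and the hijacker blocklist is an assumption to be extended as needed. DDS writes http as hxxp so the URLs are not clickable, and the parser matches that form as-is.

```python
"""Triage a DDS.txt log for the indicators a malware-removal helper reads first.

Added example (not DDS's own code, not from the forum post). Parses the DDS section
layout, flags browser settings pointing at a known search hijacker, lists <orphaned>
entries, lists recently created kernel drivers and extracts the DNS servers.
"""
import re

# Constructed sample: an excerpt of the DDS log posted above, paths kept as posted.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 85.254.184.1 85.254.184.2
TCP: Interfaces\{F3CBBDF6-07A1-46BC-BA76-4D334433A9F5} : DHCPNameServer = 85.254.184.1 85.254.184.2
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
=============== Created Last 30 ================
.
2012-11-06 19:10:08 29552 ----a-w- C:\Windows\System32\drivers\OlmarikFixer.sys
2012-11-06 00:19:20 208896 ----a-w- C:\Windows\MBR.exe
2012-11-06 00:18:06 -------- d-----w- C:\ComboFix
2012-10-10 19:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
.
============= FINISH: 23:40:14,82 ===============
"""

# Assumption: a short blocklist of search-hijacker hosts; extend it with others you know.
HIJACK_HOSTS = {"search.conduit.com"}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "==== Title ====" section headers
URL_RE = re.compile(r"hxxps?://([^/\s?&]+)", re.I)      # DDS defangs http as hxxp; capture the host
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")


def split_sections(text):
    """Group the log into {section title: [lines]}; DDS's '.' spacer lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def find_search_hijacks(sections, blocklist=HIJACK_HOSTS):
    """(setting, host) for every IE/Firefox setting whose URL points at a blocklisted host."""
    hits = []
    for title in ("Pseudo HJT Report", "FIREFOX"):
        for line in sections.get(title, []):
            for m in URL_RE.finditer(line):
                host = m.group(1).lower()
                if host in blocklist:
                    hits.append((line[:m.start()].rstrip(" =-"), host))
    return hits


def find_orphaned_entries(sections):
    """Registry hooks whose handler file is gone: the usual residue of a half-removed toolbar."""
    tag = "<orphaned>"
    return [line[:-len(tag)].rstrip(" -")
            for line in sections.get("Pseudo HJT Report", [])
            if line.endswith(tag)]


def find_recent_drivers(sections):
    """(date, path) of kernel drivers (.sys under \\drivers\\) created in the last 30 days, newest first."""
    found = []
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        date, _time, _size, _attrs, path = m.groups()
        if path.lower().endswith(".sys") and "\\drivers\\" in path.lower():
            found.append((date, path))
    return sorted(found, reverse=True)


def find_dns_servers(sections):
    """Resolvers in use (static and DHCP-assigned); listed, not judged, for a check against the ISP's."""
    servers = set()
    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith("TCP:") and "NameServer = " in line:
            servers.update(line.split("NameServer = ", 1)[1].split())
    return sorted(servers)


def triage(text):
    """Run every check over one DDS.txt and return the findings keyed by check name."""
    sections = split_sections(text)
    return {
        "search_hijacks": find_search_hijacks(sections),
        "orphaned": find_orphaned_entries(sections),
        "recent_drivers": find_recent_drivers(sections),
        "dns_servers": find_dns_servers(sections),
    }


if __name__ == "__main__":
    import sys
    text = SAMPLE_DDS
    if len(sys.argv) > 1:  # python dds_triage.py DDS.txt
        text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    for check, items in triage(text).items():
        print(f"[{check}]")
        for item in items:
            print("   ", item)
```

Point it at the full DDS.txt to get the same report for the whole log. The DNS servers are only listed, not flagged: a DNS changer shows up as resolvers the owner does not recognise, so compare them with the router's or ISP's published addresses before drawing any conclusion. The recently created driver list is worth reading in date order; in this log a vendor driver (nvlddmkm.sys) and a cleaner's driver (OlmarikFixer.sys, described in the services section as "Olmarik fixer kernel-mode driver") land within days of each other, and only the ComboFix and ESET activity in the thread explains the second one.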
This is when problems started - 2012-11-04 23:01:02 -------- d-----w- C:\Users\HJ\AppData\Local\Diagnostics
-
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2011.03.08. 22:25:34
System Uptime: 2012.11.07. 20:11:19 (0 hours ago)
.
Motherboard: Biostar | | TF 570 SLI
Processor: AMD Athlon 64 X2 Dual Core Processor 5600+ | Socket M2 | 980/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 309,111 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP176: 2012.11.05. 1:06:33 - Windows Update
RP177: 2012.11.05. 1:16:57 - Windows Update
RP178: 2012.11.05. 3:00:38 - Windows Update
RP179: 2012.11.05. 4:45:40 - Windows Update
RP180: 2012.11.05. 8:42:48 - Windows Update
RP181: 2012.11.06. 7:59:16 - Removed Vegas Pro 11.0 (64-bit)
RP182: 2012.11.06. 8:09:42 - Removed Vegas Pro 11.0 (64-bit)
RP183: 2012.11.06. 8:12:58 - Removed Vegas Pro 11.0 (64-bit)
RP184: 2012.11.06. 8:15:30 - Removed Skype Click to Call
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
µTorrent
CrazyGames.Lv Counter-Strike: Source v.75 Full [25.09.2012]
DAEMON Tools Lite
Driver San Francisco
EasyBits GO
ESET NOD32 Antivirus
FileZilla Client 3.5.3
Google Chrome
Google Earth Plug-in
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Java Auto Updater
Java 6 Update 26
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 16.0.2 (x86 lv)
Mozilla Maintenance Service
MSVCRT Redists
Need for Speed Most Wanted
Notepad++
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Octoshape add-in for Adobe Flash Player
OpenAL
Paint.NET v3.5.8
PASW Statistics 18
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype™ 5.10
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.9
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
WinRAR 4.00 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
2012.11.06. 3:04:34, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2012.11.06. 3:00:59, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2012.11.06. 22:01:49, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2012.11.06. 21:45:33, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2012.11.06. 21:45:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2012.11.06. 21:45:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2012.11.06. 21:45:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2012.11.06. 21:45:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2012.11.06. 21:45:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv spldr Wanarpv6
2012.11.06. 21:38:48, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2012.11.06. 21:25:12, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
2012.11.06. 21:24:41, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
2012.11.06. 21:24:34, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2012.11.06. 21:24:18, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
2012.11.06. 2:19:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
2012.11.06. 0:30:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
2012.11.06. 0:30:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
2012.11.05. 3:24:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
2012.11.05. 3:24:04, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2012.11.05. 21:56:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
2012.11.03. 14:05:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
2012.11.01. 21:41:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
2012.10.31. 19:50:03, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
.
==== End Of File ===========================
DDS
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_26
Run by HJ at 20:25:30 on 2012-11-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.2048.535 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [googletalk] C:\Users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.254.184.1 85.254.184.2
TCP: Interfaces\{F3CBBDF6-07A1-46BC-BA76-4D334433A9F5} : DHCPNameServer = 85.254.184.1 85.254.184.2
TCP: Interfaces\{F83EFB94-6FEF-47C0-BCAC-B14161A3860B} : DHCPNameServer = 85.254.184.1 85.254.184.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\HJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-12 254528]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-7-29 168544]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-8-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-9-3 36328]
S3 OlmarikFixer;Olmarik fixer kernel-mode driver;C:\Windows\System32\drivers\OlmarikFixer.sys [2012-11-6 29552]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-14 20992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-9-3 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-9-3 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-9-3 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-9-3 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-14 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-12 1255736]
.
=============== Created Last 30 ================
.
2012-11-07 18:14:12 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2B52FE2-A4A3-486B-AEE4-646067FC7EB5}\mpengine.dll
2012-11-06 19:10:08 29552 ----a-w- C:\Windows\System32\drivers\OlmarikFixer.sys
2012-11-06 05:15:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-06 00:19:20 98816 ----a-w- C:\Windows\sed.exe
2012-11-06 00:19:20 256000 ----a-w- C:\Windows\PEV.exe
2012-11-06 00:19:20 208896 ----a-w- C:\Windows\MBR.exe
2012-11-06 00:18:06 -------- d-----w- C:\ComboFix
2012-11-05 22:30:01 -------- d-----w- C:\Users\HJ\AppData\Local\Apps
2012-11-05 22:30:00 -------- d-----w- C:\Users\HJ\AppData\Local\Deployment
2012-11-05 19:57:46 -------- d-----w- C:\Users\HJ\AppData\Roaming\Malwarebytes
2012-11-05 19:57:17 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-05 19:57:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-04 23:40:48 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-11-04 23:40:48 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-11-04 23:40:48 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-11-04 23:40:48 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-11-04 23:40:48 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-11-04 23:40:48 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-11-04 23:40:12 60776 ----a-w- C:\Windows\System32\OpenCL.dll
2012-11-04 23:40:12 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-11-04 23:38:53 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-11-04 23:38:38 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-11-04 23:30:26 -------- d-----w- C:\Windows\lv-LV
2012-11-04 23:30:17 -------- d-----w- C:\Windows\SysWow64\wbem\lv-LV
2012-11-04 23:30:17 -------- d-----w- C:\Windows\SysWow64\drivers\lv-LV
2012-11-04 23:30:11 -------- d-----w- C:\Windows\System32\wbem\lv-LV
2012-11-04 23:30:11 -------- d-----w- C:\Windows\System32\drivers\lv-LV
2012-11-04 23:19:44 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\scfilter.sys.mui
2012-11-04 23:19:08 3584 ----a-w- C:\Windows\System32\drivers\lv-LV\portcls.sys.mui
2012-11-04 23:19:08 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\serscan.sys.mui
2012-11-04 23:19:04 3072 ----a-w- C:\Windows\System32\drivers\lv-LV\ataport.sys.mui
2012-11-04 23:19:04 2048 ----a-w- C:\Windows\System32\drivers\lv-LV\amdide.sys.mui
2012-11-04 23:19:03 47616 ----a-w- C:\Windows\System32\drivers\lv-LV\tcpip.sys.mui
2012-11-04 23:18:33 3072 ----a-w- C:\Windows\System32\drivers\lv-LV\hidbth.sys.mui
2012-11-04 23:18:32 7168 ----a-w- C:\Windows\System32\drivers\lv-LV\bthport.sys.mui
2012-11-04 23:18:32 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\BTHUSB.SYS.mui
2012-11-04 23:18:32 2048 ----a-w- C:\Windows\System32\drivers\lv-LV\bthenum.sys.mui
2012-11-04 23:01:20 -------- d-----w- C:\Users\HJ\AppData\Local\ElevatedDiagnostics
2012-11-04 23:01:02 -------- d-----w- C:\Users\HJ\AppData\Local\Diagnostics
2012-10-29 21:24:26 -------- d-----w- C:\Program Files (x86)\EA Games
2012-10-26 21:04:59 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-10-26 21:04:59 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-10-26 21:04:59 116192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2012-10-26 21:04:58 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-26 21:04:58 261600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-10-26 21:04:58 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-10-24 19:59:20 -------- d-----w- C:\Games
2012-10-10 19:23:48 1867112 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2012-10-10 19:23:40 1482600 ----a-w- C:\Windows\System32\nvdispgenco64.dll
2012-10-10 19:23:38 6127464 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2012-10-10 19:23:38 2574696 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2012-10-10 19:23:34 25256296 ----a-w- C:\Windows\System32\nvcompiler.dll
2012-10-10 19:23:24 7414632 ----a-w- C:\Windows\System32\nvopencl.dll
2012-10-10 19:23:24 2731880 ----a-w- C:\Windows\System32\nvapi64.dll
2012-10-10 19:23:06 9146728 ----a-w- C:\Windows\System32\nvcuda.dll
2012-10-10 19:23:04 7697768 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2012-10-10 19:23:00 2218344 ----a-w- C:\Windows\System32\nvcuvenc.dll
2012-10-10 19:23:00 12501352 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-10-10 19:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-10 19:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-10 19:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-10 19:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-10 19:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-10 19:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-10 19:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-10 19:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-10 16:32:50 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 16:32:50 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 16:32:42 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 16:32:42 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 16:32:41 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 16:32:41 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 16:32:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 16:32:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-10-10 19:23:48 18252136 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-10-10 19:23:10 14922600 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-10-09 19:14:18 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 19:14:18 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-02 11:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-28 07:05:04 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:29:33,69 ===============
-
decide to go through with the cleanup
-
Hi guys,
I'm new here and my English is bad (sorry for that).
Yesterday I got that nasty Hard Drive Diagnostic malware....
Today I tried to follow the Remove Hard Drive Diagnostic uninstall guide and caught 4 malwares, but I did that in safe mode, because like others I have all my files and programs hidden and can't connect to the internet properly...
After I ran the uninstall guide and deleted the 4 malwares in the Malwarebytes program, my PC is still not functioning right and ESET says I'm having the Win32/Olmarik.TDL4 trojan in RAM...
Please help
John
P.S. I'm running Win7 64-bit
I ran Remove Hard Drive Diagnostic (Uninstall Guide) till item 17; it found 4 malwares and I deleted them, but when I wanted to download unhide.exe after restart it still crashed IE (because Firefox cannot start) and ESET says that I have the Win32/Olmarik.TDL4 trojan in RAM...
I downloaded TDSSKiller, but it's not running...
ESET Online Scanner found 0 threats.
On my own head I ran ComboFix; it returned all items. I will try normal mode, because I managed to download files only in safe mode with networking...
P.S. here's the ComboFix log
ComboFix 12-11-05.03 - HJ 012.11.06. 2:27.1.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.2048.555 [GMT 2:00]
Running from: c:\users\HJ\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Q3IpIqj7q62U2a
c:\windows\7Loader.TAG
c:\windows\PFRO.log
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\tmpF377.tmp
c:\windows\SysWow64\tmpF387.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 01:03 . 2012-11-06 01:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-05 23:49 . 2012-11-05 23:49 -------- d-----w- c:\program files (x86)\ESET
2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\HJ\AppData\Local\Apps
2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\HJ\AppData\Local\Deployment
2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\users\HJ\AppData\Roaming\Malwarebytes
2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\programdata\Malwarebytes
2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-04 23:42 . 2012-11-04 23:42 -------- d-----w- c:\users\UpdatusUser
2012-11-04 23:41 . 2012-11-05 22:12 -------- d-----w- c:\programdata\NVIDIA
2012-11-04 23:40 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-11-04 23:40 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-11-04 23:40 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-11-04 23:40 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-11-04 23:40 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-04 23:40 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-11-04 23:40 . 2012-10-10 19:24 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-11-04 23:40 . 2012-10-10 19:23 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-11-04 23:38 . 2012-11-04 23:38 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-11-04 23:38 . 2012-11-04 23:42 -------- d-----w- c:\program files\NVIDIA Corporation
2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\lv-LV
2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\SysWow64\wbem\lv-LV
2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\SysWow64\drivers\lv-LV
2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\system32\wbem\lv-LV
2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\system32\drivers\lv-LV
2012-11-04 23:01 . 2012-11-04 23:01 -------- d-----w- c:\users\HJ\AppData\Local\ElevatedDiagnostics
2012-11-04 23:01 . 2012-11-04 23:01 -------- d-----w- c:\users\HJ\AppData\Local\Diagnostics
2012-11-02 18:10 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D61394FB-1100-4B0E-A18C-B9B49084CB8C}\mpengine.dll
2012-10-29 21:24 . 2012-10-29 21:24 -------- d-----w- c:\program files (x86)\EA Games
2012-10-24 19:59 . 2012-10-24 19:59 -------- d-----w- C:\Games
2012-10-10 19:23 . 2012-10-10 19:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 19:23 . 2012-10-10 19:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 19:23 . 2012-10-10 19:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 19:23 . 2012-10-10 19:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 19:23 . 2012-10-10 19:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 19:23 . 2012-10-10 19:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 19:23 . 2012-10-10 19:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 19:23 . 2012-10-10 19:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 19:23 . 2012-10-10 19:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 19:23 . 2012-10-10 19:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 19:23 . 2012-10-10 19:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 19:22 . 2012-10-10 19:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 19:22 . 2012-10-10 19:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 19:22 . 2012-10-10 19:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 19:22 . 2012-10-10 19:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 19:22 . 2012-10-10 19:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 19:22 . 2012-10-10 19:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 19:22 . 2012-10-10 19:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 19:22 . 2012-10-10 19:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-10 16:32 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 16:32 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 16:32 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 16:32 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 16:32 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 16:32 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 16:32 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 16:32 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 19:23 . 2009-07-13 21:59 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 19:23 . 2009-07-13 21:59 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-09 19:14 . 2012-03-29 05:41 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 19:14 . 2011-05-18 16:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-27 22:18 . 2011-08-15 20:29 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-28 07:05 . 2012-09-03 18:53 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-08-28 07:04 . 2012-08-28 07:04 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-08-28 07:04 . 2012-08-28 07:04 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-08-28 07:04 . 2012-08-28 07:04 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-08-28 07:04 . 2012-08-28 07:04 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-08-28 07:04 . 2012-08-28 07:04 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-08-28 07:04 . 2012-08-28 07:04 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-08-28 07:04 . 2012-08-28 07:04 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-08-28 07:04 . 2012-08-28 07:04 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-08-28 07:04 . 2012-08-28 07:04 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-08-28 07:04 . 2012-08-28 07:04 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-08-28 07:04 . 2012-08-28 07:04 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-08-28 07:04 . 2012-08-28 07:04 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-08-28 07:04 . 2012-08-28 07:04 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-08-28 07:04 . 2012-08-28 07:04 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-08-28 07:04 . 2012-09-03 18:52 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-08-28 07:04 . 2012-08-28 07:04 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-08-28 07:04 . 2012-08-28 07:04 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-08-28 07:04 . 2012-08-28 07:04 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-08-28 07:04 . 2012-08-28 07:04 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-08-28 07:04 . 2012-08-28 07:04 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-08-28 07:04 . 2012-08-28 07:04 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-08-28 07:04 . 2012-08-28 07:04 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-08-28 07:04 . 2012-08-28 07:04 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-08-28 07:04 . 2012-08-28 07:04 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-08-28 07:04 . 2012-08-28 07:04 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-08-28 07:04 . 2012-08-28 07:04 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-08-24 11:15 . 2012-09-22 08:17 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 08:17 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 08:17 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 08:17 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 08:17 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 08:17 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 08:18 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 08:17 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 08:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 08:17 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 08:17 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 08:17 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 08:17 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 08:18 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 08:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 08:18 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 08:17 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 08:17 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 08:17 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 08:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 08:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 08:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 17:17 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 17:17 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 17:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 17:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 18:56 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 16:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"googletalk"="c:\users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-31 964024]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2012-06-27 36328]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-11 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-12 254528]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:14]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 09:10]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 09:10]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000Core.job
- c:\users\HJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000UA.job
- c:\users\HJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2916584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 85.254.184.1 85.254.184.2
FF - ProfilePath - c:\users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKCU-Run-cDwQgxKRTfxQaqo.exe - c:\programdata\cDwQgxKRTfxQaqo.exe
Wow6432Node-HKCU-Run-Q3IpIqj7q62U2a - c:\programdata\Q3IpIqj7q62U2a.exe
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-06 03:29:39
ComboFix-quarantined-files.txt 2012-11-06 01:29
.
Pre-Run: 76 918 349 824 bytes free
Post-Run: 77 407 498 240 bytes free
.
- - End Of File - - 54E226D2B2AE78D5C1420A34769C60A1
I ran unhide.exe and restarted the PC... (seems like ComboFix worked and I got some files back..)
but it seems to not be fine
internet connection is very slow and the computer is working slowly...
it crashed desktop gadgets http://www.bildites.lv/images/u72rf2t4v4i73yth1r0.jpg
and crashed Windows Explorer http://www.bildites.lv/images/q12ufn2zyyivcuw33.jpg
I didn't manage to run either TDSSKiller or aswMBR
my PC froze, I did a manual restart with the button, and when it started it was still slow and ESET still shows the Olmarik trojan...

it's crashing even when I'm trying to open a .jpg file http://www.bildites.lv/images/96wu4ururlams1r7ja6a.jpg
Need Help: HardDriveDiagnosic malware + Win32/Olmarik.TDL4 trojan in RAM
in Resolved Malware Removal Logs
Made a restart and ESET still says there's a trojan http://www.bildites.lv/images/n8mlibp8koawie2k53m.jpg