
Need Help: HardDriveDiagnostic malware + Win32/Olmarik.TDL4 trojan in RAM



Hi guys,

I'm new here and my English is bad (sorry for that).

Yesterday I got that nasty HardDriveDiagnostic malware....

Today I tried to follow the Remove Hard Drive Diagnostic uninstall guide and caught 4 malwares, but I did that in safe mode, because like others I have all my files and programs hidden and can't connect to the internet properly...

After I ran the uninstall guide and deleted the 4 malwares in the Malwarebytes program, my PC is still not functioning right and ESET says I have the Win32/Olmarik.TDL4 trojan in RAM...

Please help

John

P.S. I'm running Win7 64-bit

I ran Remove Hard Drive Diagnostic (Uninstall Guide) up to item 17; it found 4 malwares and I deleted them, but when I wanted to download unhide.exe after the restart it still crashed IE (because Firefox cannot start) and ESET says that I have the Win32/Olmarik.TDL4 trojan in RAM...

I downloaded TDSSKiller, but it's not running...

ESET online scanner found 0 threats

On my own I ran ComboFix; it returned all items. I will try normal mode, because I managed to download files only in safe mode with networking...

P.S. here's the ComboFix log

ComboFix 12-11-05.03 - HJ 2012.11.06. 2:27.1.2 - x64 NETWORK

Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.2048.555 [GMT 2:00]

Running from: c:\users\HJ\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Q3IpIqj7q62U2a

c:\windows\7Loader.TAG

c:\windows\PFRO.log

c:\windows\SysWow64\muzapp.exe

c:\windows\SysWow64\tmpF377.tmp

c:\windows\SysWow64\tmpF387.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))

.

.

2012-11-06 01:03 . 2012-11-06 01:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-05 23:49 . 2012-11-05 23:49 -------- d-----w- c:\program files (x86)\ESET

2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\HJ\AppData\Local\Apps

2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\HJ\AppData\Local\Deployment

2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\users\HJ\AppData\Roaming\Malwarebytes

2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\programdata\Malwarebytes

2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-04 23:42 . 2012-11-04 23:42 -------- d-----w- c:\users\UpdatusUser

2012-11-04 23:41 . 2012-11-05 22:12 -------- d-----w- c:\programdata\NVIDIA

2012-11-04 23:40 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

2012-11-04 23:40 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll

2012-11-04 23:40 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-11-04 23:40 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-11-04 23:40 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-11-04 23:40 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-11-04 23:40 . 2012-10-10 19:24 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-11-04 23:40 . 2012-10-10 19:23 60776 ----a-w- c:\windows\system32\OpenCL.dll

2012-11-04 23:38 . 2012-11-04 23:38 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-11-04 23:38 . 2012-11-04 23:42 -------- d-----w- c:\program files\NVIDIA Corporation

2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\lv-LV

2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\SysWow64\wbem\lv-LV

2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\SysWow64\drivers\lv-LV

2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\system32\wbem\lv-LV

2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\system32\drivers\lv-LV

2012-11-04 23:01 . 2012-11-04 23:01 -------- d-----w- c:\users\HJ\AppData\Local\ElevatedDiagnostics

2012-11-04 23:01 . 2012-11-04 23:01 -------- d-----w- c:\users\HJ\AppData\Local\Diagnostics

2012-11-02 18:10 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D61394FB-1100-4B0E-A18C-B9B49084CB8C}\mpengine.dll

2012-10-29 21:24 . 2012-10-29 21:24 -------- d-----w- c:\program files (x86)\EA Games

2012-10-24 19:59 . 2012-10-24 19:59 -------- d-----w- C:\Games

2012-10-10 19:23 . 2012-10-10 19:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-10-10 19:23 . 2012-10-10 19:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-10-10 19:23 . 2012-10-10 19:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-10-10 19:23 . 2012-10-10 19:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-10-10 19:23 . 2012-10-10 19:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

2012-10-10 19:23 . 2012-10-10 19:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll

2012-10-10 19:23 . 2012-10-10 19:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll

2012-10-10 19:23 . 2012-10-10 19:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll

2012-10-10 19:23 . 2012-10-10 19:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-10-10 19:23 . 2012-10-10 19:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-10-10 19:23 . 2012-10-10 19:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-10-10 19:22 . 2012-10-10 19:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-10-10 19:22 . 2012-10-10 19:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll

2012-10-10 19:22 . 2012-10-10 19:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-10-10 19:22 . 2012-10-10 19:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-10-10 19:22 . 2012-10-10 19:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll

2012-10-10 19:22 . 2012-10-10 19:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-10-10 19:22 . 2012-10-10 19:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-10-10 19:22 . 2012-10-10 19:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-10-10 16:32 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-10 16:32 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-10 16:32 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 16:32 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-10 16:32 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 16:32 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 16:32 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-10 16:32 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-10 19:23 . 2009-07-13 21:59 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-10-10 19:23 . 2009-07-13 21:59 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-10-09 19:14 . 2012-03-29 05:41 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 19:14 . 2011-05-18 16:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-09-27 22:18 . 2011-08-15 20:29 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-08-28 07:05 . 2012-09-03 18:53 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-08-28 07:04 . 2012-08-28 07:04 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2012-08-28 07:04 . 2012-08-28 07:04 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll

2012-08-28 07:04 . 2012-08-28 07:04 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll

2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll

2012-08-28 07:04 . 2012-08-28 07:04 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll

2012-08-28 07:04 . 2012-08-28 07:04 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll

2012-08-28 07:04 . 2012-08-28 07:04 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll

2012-08-28 07:04 . 2012-08-28 07:04 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-08-28 07:04 . 2012-08-28 07:04 30568 ----a-w- c:\windows\MusiccityDownload.exe

2012-08-28 07:04 . 2012-08-28 07:04 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll

2012-08-28 07:04 . 2012-08-28 07:04 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax

2012-08-28 07:04 . 2012-08-28 07:04 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll

2012-08-28 07:04 . 2012-08-28 07:04 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax

2012-08-28 07:04 . 2012-08-28 07:04 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll

2012-08-28 07:04 . 2012-08-28 07:04 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax

2012-08-28 07:04 . 2012-09-03 18:52 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-08-28 07:04 . 2012-08-28 07:04 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll

2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll

2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll

2012-08-28 07:04 . 2012-08-28 07:04 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax

2012-08-28 07:04 . 2012-08-28 07:04 491520 ----a-w- c:\windows\SysWow64\muzapp.dll

2012-08-28 07:04 . 2012-08-28 07:04 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-08-28 07:04 . 2012-08-28 07:04 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll

2012-08-28 07:04 . 2012-08-28 07:04 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll

2012-08-28 07:04 . 2012-08-28 07:04 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax

2012-08-28 07:04 . 2012-08-28 07:04 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll

2012-08-28 07:04 . 2012-08-28 07:04 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe

2012-08-28 07:04 . 2012-08-28 07:04 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll

2012-08-28 07:04 . 2012-08-28 07:04 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax

2012-08-24 11:15 . 2012-09-22 08:17 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-22 08:17 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-22 08:17 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-22 08:17 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-22 08:17 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-22 08:17 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-22 08:18 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-22 08:17 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-22 08:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-22 08:17 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-22 08:17 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-22 08:17 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-22 08:17 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-22 08:18 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-22 08:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-22 08:18 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-22 08:17 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-22 08:17 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-22 08:17 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-22 08:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-22 08:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-22 08:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-12 17:17 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 17:17 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 17:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 17:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-25 18:56 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-20 17:38 . 2012-10-10 16:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"googletalk"="c:\users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-31 964024]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2012-06-27 36328]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-11 1255736]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-12 254528]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:14]

.

2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 09:10]

.

2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 09:10]

.

2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000Core.job

- c:\users\HJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16]

.

2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000UA.job

- c:\users\HJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2916584]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 85.254.184.1 85.254.184.2

FF - ProfilePath - c:\users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe

Wow6432Node-HKCU-Run-cDwQgxKRTfxQaqo.exe - c:\programdata\cDwQgxKRTfxQaqo.exe

Wow6432Node-HKCU-Run-Q3IpIqj7q62U2a - c:\programdata\Q3IpIqj7q62U2a.exe

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-06 03:29:39

ComboFix-quarantined-files.txt 2012-11-06 01:29

.

Pre-Run: 76 918 349 824 bytes free

Post-Run: 77 407 498 240 bytes free

.

- - End Of File - - 54E226D2B2AE78D5C1420A34769C60A1

I ran unhide.exe and restarted the PC... (seems like ComboFix worked and I got some files back..)

but it seems to not be fine

the internet connection is very slow and the computer is working slowly...

it crashed the desktop gadgets http://www.bildites.lv/images/u72rf2t4v4i73yth1r0.jpg

and crashed Windows Explorer http://www.bildites.lv/images/q12ufn2zyyivcuw33.jpg

I didn't manage to run either TDSSKiller or aswMBR

my PC froze, I did a manual restart with the button and when it started it was still slow and ESET still shows the Olmarik trojan... :(

it's crashing even when I'm trying to open a .jpg file http://www.bildites.lv/images/96wu4ururlams1r7ja6a.jpg
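A triage script for the autorun section of the ComboFix log above, added here as an example and not part of the original post or of ComboFix itself. It parses the `"Name"="path"` values under the listed Run keys and the `Wow6432Node-HKCU-Run-...` lines in the ORPHANS REMOVED section, and flags any target that sits directly in a user-writable drop directory or carries a random-looking file name, which is what the two c:\programdata entries ComboFix removed look like. The drop-directory list and the random-name heuristic are my own assumptions, not ComboFix rules, and the sample lines are a constructed subset of the log.

```python
"""Flag suspicious autorun entries in a ComboFix log (added example)."""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the "Reg Loading Points" and
# "ORPHANS REMOVED" lines from the log above, in ComboFix's own format.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"googletalk"="c:\users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
- - - - ORPHANS REMOVED - - - -
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKCU-Run-cDwQgxKRTfxQaqo.exe - c:\programdata\cDwQgxKRTfxQaqo.exe
Wow6432Node-HKCU-Run-Q3IpIqj7q62U2a - c:\programdata\Q3IpIqj7q62U2a.exe
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
"""

# "Name"="path" [date size]   (values under a listed Run key)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# Wow6432Node-HKCU-Run-Name - path   (Run values ComboFix removed as orphans)
ORPHAN_RUN = re.compile(r"^(?:Wow6432Node-)?HK\w+-Run-(?P<name>.+?) - (?P<path>.+)$")

# Assumption, not a ComboFix rule: directories writable without elevation
# where the installer of a legitimate autorun target rarely drops its binary.
# Matched against the lower-cased directory the target sits in directly.
DROP_DIRS = re.compile(
    r"^(c:\\programdata|c:\\users\\public|c:\\windows\\temp"
    r"|c:\\users\\[^\\]+\\appdata\\(local|roaming|local\\temp))$"
)


@dataclass
class Autorun:
    name: str
    path: str
    source: str                       # "run-key" or "orphan"
    reasons: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def looks_random(stem: str) -> bool:
    """Crude heuristic (my assumption): a generated name has few vowels for
    its length, or digits interleaved between letters (Q3IpIqj7q62U2a).
    Vendor abbreviations can trip it, so it is reported as one reason,
    not used as a verdict on its own."""
    letters = [c for c in stem if c.isalpha()]
    vowel_ratio = sum(c.lower() in "aeiou" for c in letters) / len(letters) if letters else 0.0
    interior_digit_runs = len(re.findall(r"(?<=[a-z])\d+(?=[a-z])", stem, re.IGNORECASE))
    return (len(letters) >= 8 and vowel_ratio < 0.2) or interior_digit_runs >= 2


def parse_autoruns(text: str) -> list[Autorun]:
    """Collect Run-key values and removed orphan Run values from a log."""
    entries: list[Autorun] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_VALUE.match(line):
            entries.append(Autorun(m["name"], m["path"], "run-key"))
        elif m := ORPHAN_RUN.match(line):
            entries.append(Autorun(m["name"], m["path"], "orphan"))
    return entries


def assess(entry: Autorun) -> Autorun:
    """Attach a reason for every signal that fires on the entry's target."""
    directory, filename = ntpath.split(entry.path)  # ntpath parses Windows paths on any OS
    if DROP_DIRS.match(directory.lower()):
        entry.reasons.append(f"target dropped directly in {directory.lower()}")
    if looks_random(ntpath.splitext(filename)[0]):
        entry.reasons.append(f"random-looking file name {filename!r}")
    return entry


def triage(text: str) -> list[Autorun]:
    """Return only the entries with at least one reason, in log order."""
    return [e for e in map(assess, parse_autoruns(text)) if e.suspicious]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit.source}] {hit.name} -> {hit.path}")
        for reason in hit.reasons:
            print(f"    {reason}")
```

On the sample, only the two c:\programdata orphans are reported, each with both reasons; KiesAirMessage is an orphan too but fires nothing, which is the point of scoring the target rather than the fact that ComboFix removed the value. The stronger signal is the drop directory; the name heuristic exists to catch the same family when it lands somewhere less obvious, and should be read as a prompt to look at the file, not as a verdict.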


Hello John and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please let me know.

Please do not run ComboFix without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here


Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 2011.03.08. 22:25:34

System Uptime: 2012.11.07. 20:11:19 (0 hours ago)

.

Motherboard: Biostar | | TF 570 SLI

Processor: AMD Athlon 64 X2 Dual Core Processor 5600+ | Socket M2 | 980/201mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 309,111 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP176: 2012.11.05. 1:06:33 - Windows Update

RP177: 2012.11.05. 1:16:57 - Windows Update

RP178: 2012.11.05. 3:00:38 - Windows Update

RP179: 2012.11.05. 4:45:40 - Windows Update

RP180: 2012.11.05. 8:42:48 - Windows Update

RP181: 2012.11.06. 7:59:16 - Removed Vegas Pro 11.0 (64-bit)

RP182: 2012.11.06. 8:09:42 - Removed Vegas Pro 11.0 (64-bit)

RP183: 2012.11.06. 8:12:58 - Removed Vegas Pro 11.0 (64-bit)

RP184: 2012.11.06. 8:15:30 - Removed Skype Click to Call

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.0)

µTorrent

CrazyGames.Lv Counter-Strike: Source v.75 Full [25.09.2012]

DAEMON Tools Lite

Driver San Francisco

EasyBits GO

ESET NOD32 Antivirus

FileZilla Client 3.5.3

Google Chrome

Google Earth Plug-in

Google Talk (remove only)

Google Talk Plugin

Google Update Helper

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Java Auto Updater

Java 6 Update 26

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 16.0.2 (x86 lv)

Mozilla Maintenance Service

MSVCRT Redists

Need for Speed Most Wanted

Notepad++

NVIDIA 3D Vision Driver 306.97

NVIDIA Control Panel 306.97

NVIDIA Graphics Driver 306.97

NVIDIA Install Application

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.10.8

NVIDIA Update Components

Octoshape add-in for Adobe Flash Player

OpenAL

Paint.NET v3.5.8

PASW Statistics 18

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Skype™ 5.10

Ubisoft Game Launcher

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VLC media player 1.1.9

Windows Live ID Sign-in Assistant

Windows Media Player Firefox Plugin

WinRAR 4.00 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

2012.11.06. 3:04:34, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

2012.11.06. 3:00:59, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

2012.11.06. 22:01:49, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2012.11.06. 21:45:33, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

2012.11.06. 21:45:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2012.11.06. 21:45:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2012.11.06. 21:45:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2012.11.06. 21:45:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2012.11.06. 21:45:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv spldr Wanarpv6

2012.11.06. 21:38:48, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2012.11.06. 21:25:12, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

2012.11.06. 21:24:41, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

2012.11.06. 21:24:34, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2012.11.06. 21:24:18, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

2012.11.06. 2:19:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

2012.11.06. 0:30:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

2012.11.06. 0:30:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

2012.11.05. 3:24:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

2012.11.05. 3:24:04, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2012.11.05. 21:56:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

2012.11.03. 14:05:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

2012.11.01. 21:41:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

2012.10.31. 19:50:03, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

.

==== End Of File ===========================

DDS

DDS (Ver_2012-11-07.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_26

Run by HJ at 20:25:30 on 2012-11-07

Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.2048.535 [GMT 2:00]

.

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253

uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [googletalk] C:\Users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 85.254.184.1 85.254.184.2

TCP: Interfaces\{F3CBBDF6-07A1-46BC-BA76-4D334433A9F5} : DHCPNameServer = 85.254.184.1 85.254.184.2

TCP: Interfaces\{F83EFB94-6FEF-47C0-BCAC-B14161A3860B} : DHCPNameServer = 85.254.184.1 85.254.184.2

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -

x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Users\HJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-12 254528]

R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-7-29 168544]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-8-12 810144]

R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-9-3 36328]

S3 OlmarikFixer;Olmarik fixer kernel-mode driver;C:\Windows\System32\drivers\OlmarikFixer.sys [2012-11-6 29552]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-14 20992]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-9-3 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-9-3 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-9-3 177640]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-9-3 146920]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-14 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-12 1255736]

.

=============== Created Last 30 ================

.

2012-11-07 18:14:12 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2B52FE2-A4A3-486B-AEE4-646067FC7EB5}\mpengine.dll

2012-11-06 19:10:08 29552 ----a-w- C:\Windows\System32\drivers\OlmarikFixer.sys

2012-11-06 05:15:33 -------- d-sh--w- C:\$RECYCLE.BIN

2012-11-06 00:19:20 98816 ----a-w- C:\Windows\sed.exe

2012-11-06 00:19:20 256000 ----a-w- C:\Windows\PEV.exe

2012-11-06 00:19:20 208896 ----a-w- C:\Windows\MBR.exe

2012-11-06 00:18:06 -------- d-----w- C:\ComboFix

2012-11-05 22:30:01 -------- d-----w- C:\Users\HJ\AppData\Local\Apps

2012-11-05 22:30:00 -------- d-----w- C:\Users\HJ\AppData\Local\Deployment

2012-11-05 19:57:46 -------- d-----w- C:\Users\HJ\AppData\Roaming\Malwarebytes

2012-11-05 19:57:17 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-05 19:57:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-04 23:40:48 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-11-04 23:40:48 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-11-04 23:40:48 6200680 ----a-w- C:\Windows\System32\nvcpl.dll

2012-11-04 23:40:48 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-11-04 23:40:48 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-11-04 23:40:48 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-11-04 23:40:12 60776 ----a-w- C:\Windows\System32\OpenCL.dll

2012-11-04 23:40:12 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-11-04 23:38:53 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2012-11-04 23:38:38 -------- d-----w- C:\Program Files\NVIDIA Corporation

2012-11-04 23:30:26 -------- d-----w- C:\Windows\lv-LV

2012-11-04 23:30:17 -------- d-----w- C:\Windows\SysWow64\wbem\lv-LV

2012-11-04 23:30:17 -------- d-----w- C:\Windows\SysWow64\drivers\lv-LV

2012-11-04 23:30:11 -------- d-----w- C:\Windows\System32\wbem\lv-LV

2012-11-04 23:30:11 -------- d-----w- C:\Windows\System32\drivers\lv-LV

2012-11-04 23:19:44 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\scfilter.sys.mui

2012-11-04 23:19:08 3584 ----a-w- C:\Windows\System32\drivers\lv-LV\portcls.sys.mui

2012-11-04 23:19:08 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\serscan.sys.mui

2012-11-04 23:19:04 3072 ----a-w- C:\Windows\System32\drivers\lv-LV\ataport.sys.mui

2012-11-04 23:19:04 2048 ----a-w- C:\Windows\System32\drivers\lv-LV\amdide.sys.mui

2012-11-04 23:19:03 47616 ----a-w- C:\Windows\System32\drivers\lv-LV\tcpip.sys.mui

2012-11-04 23:18:33 3072 ----a-w- C:\Windows\System32\drivers\lv-LV\hidbth.sys.mui

2012-11-04 23:18:32 7168 ----a-w- C:\Windows\System32\drivers\lv-LV\bthport.sys.mui

2012-11-04 23:18:32 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\BTHUSB.SYS.mui

2012-11-04 23:18:32 2048 ----a-w- C:\Windows\System32\drivers\lv-LV\bthenum.sys.mui

2012-11-04 23:01:20 -------- d-----w- C:\Users\HJ\AppData\Local\ElevatedDiagnostics

2012-11-04 23:01:02 -------- d-----w- C:\Users\HJ\AppData\Local\Diagnostics

2012-10-29 21:24:26 -------- d-----w- C:\Program Files (x86)\EA Games

2012-10-26 21:04:59 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2012-10-26 21:04:59 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

2012-10-26 21:04:59 116192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe

2012-10-26 21:04:58 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-10-26 21:04:58 261600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-10-26 21:04:58 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll

2012-10-24 19:59:20 -------- d-----w- C:\Games

2012-10-10 19:23:48 1867112 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll

2012-10-10 19:23:40 1482600 ----a-w- C:\Windows\System32\nvdispgenco64.dll

2012-10-10 19:23:38 6127464 ----a-w- C:\Windows\SysWow64\nvopencl.dll

2012-10-10 19:23:38 2574696 ----a-w- C:\Windows\SysWow64\nvcuvid.dll

2012-10-10 19:23:34 25256296 ----a-w- C:\Windows\System32\nvcompiler.dll

2012-10-10 19:23:24 7414632 ----a-w- C:\Windows\System32\nvopencl.dll

2012-10-10 19:23:24 2731880 ----a-w- C:\Windows\System32\nvapi64.dll

2012-10-10 19:23:06 9146728 ----a-w- C:\Windows\System32\nvcuda.dll

2012-10-10 19:23:04 7697768 ----a-w- C:\Windows\SysWow64\nvcuda.dll

2012-10-10 19:23:00 2218344 ----a-w- C:\Windows\System32\nvcuvenc.dll

2012-10-10 19:23:00 12501352 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll

2012-10-10 19:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll

2012-10-10 19:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll

2012-10-10 19:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll

2012-10-10 19:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll

2012-10-10 19:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll

2012-10-10 19:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll

2012-10-10 19:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys

2012-10-10 19:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll

2012-10-10 16:32:50 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-10-10 16:32:50 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-10-10 16:32:42 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-10 16:32:42 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-10 16:32:41 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-10 16:32:41 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-10 16:32:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-10 16:32:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

==================== Find3M ====================

.

2012-10-10 19:23:48 18252136 ----a-w- C:\Windows\System32\nvd3dumx.dll

2012-10-10 19:23:10 14922600 ----a-w- C:\Windows\System32\nvwgf2umx.dll

2012-10-09 19:14:18 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 19:14:18 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-02 11:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-28 07:05:04 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 20:29:33,69 ===============

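Added example, not part of the original post and not DDS, ComboFix or ESET code: a small Python triage script for the line shapes that appear in the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" sections above. It flags the things a helper reads first in a log like this: browser start page and search entries pointing at a search-redirect domain (the conduit.com entries in uStart Page and keyword.URL), hooks whose target file is gone (the `<orphaned>` lines), kernel drivers written within a few days of the log (OlmarikFixer.sys, dated the day before the run), and resolver lists that disagree between the global and per-interface TCP settings. The hijack-domain list, the seven-day window and the sample lines are assumptions constructed for the example; the sample lines mirror entries from the log above.

```python
"""Triage helper for the DDS 'Pseudo HJT Report' and 'SERVICES / DRIVERS'
sections. Added example for this thread; it is not DDS, ComboFix or ESET
code and understands only the line shapes visible in the posted log."""
import re
from datetime import date

# Assumption: search-redirect domains worth flagging. Conduit is the one
# that appears in the posted log (uStart Page and FF keyword.URL).
SEARCH_HIJACK_DOMAINS = frozenset({"search.conduit.com"})

# Assumption: a kernel driver written within this many days of the log
# deserves a look; both removal tools and droppers land here.
RECENT_DRIVER_DAYS = 7

# Date the sample log was run (the DDS header reads "Run by ... on
# YYYY-MM-DD"); fixed here so the example is reproducible offline.
LOG_DATE = date(2012, 11, 7)

# S3 Name;Description;C:\path\driver.sys [YYYY-M-D size]
DRIVER_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+"
    r"\[(?P<y>\d{4})-(?P<m>\d{1,2})-(?P<d>\d{1,2})\s+(?P<size>\d+)\]$"
)
# DDS defangs URLs as hxxp:// so they are not clickable; match that form.
URL_HOST_RE = re.compile(r"hxxps?://([^/\s?]+)")
# "TCP: NameServer = a b" and "TCP: Interfaces\{...} : DHCPNameServer = a b"
DNS_RE = re.compile(r"NameServer = (.+)$")


def triage(lines, log_date):
    """Return (kind, subject, evidence) tuples for entries worth a look."""
    findings = []
    dns_sets = set()
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            written = date(int(m["y"]), int(m["m"]), int(m["d"]))
            if 0 <= (log_date - written).days <= RECENT_DRIVER_DAYS:
                findings.append(("recent_driver", m["name"], m["path"]))
            continue
        if "<orphaned>" in line:
            # Registry hook whose target file is gone: leftover of a
            # removal or of a component that never finished installing.
            findings.append(("orphaned", line.split(":", 1)[0], line))
            continue
        for host in URL_HOST_RE.findall(line):
            if host in SEARCH_HIJACK_DOMAINS:
                findings.append(("search_hijack", host, line))
        d = DNS_RE.search(line)
        if d:
            dns_sets.add(tuple(d.group(1).split()))
    if len(dns_sets) > 1:
        # Global and per-interface resolver lists that disagree are a
        # classic sign of a DNS changer; the posted log has one list only.
        joined = " | ".join(sorted(" ".join(s) for s in dns_sets))
        findings.append(("dns_mismatch", joined, ""))
    return findings


def triage_text(text, log_date=LOG_DATE):
    return triage(text.splitlines(), log_date)


# Constructed sample: a handful of lines in the shape of the DDS log
# above, enough to exercise every rule once.
SAMPLE_LOG = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 85.254.184.1 85.254.184.2
TCP: Interfaces\{F3CBBDF6-07A1-46BC-BA76-4D334433A9F5} : DHCPNameServer = 85.254.184.1 85.254.184.2
SSODL: WebCheck - <orphaned>
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-12 254528]
S3 OlmarikFixer;Olmarik fixer kernel-mode driver;C:\Windows\System32\drivers\OlmarikFixer.sys [2012-11-6 29552]
"""


def run_sample():
    return triage_text(SAMPLE_LOG)


if __name__ == "__main__":
    for kind, subject, evidence in run_sample():
        print(f"{kind:14} {subject}  <- {evidence}")
```

Run it against a saved DDS.txt by passing `open(path).read()` to `triage_text` with the date from the "Run by" header. The flags are pointers, not verdicts: a recently written driver can be a removal tool as easily as a dropper, and the DNS servers in the posted log are the same on every interface, so that rule stays quiet here.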

Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 2011.03.08. 22:25:34

System Uptime: 2012.11.07. 20:11:19 (3 hours ago)

.

Motherboard: Biostar | | TF 570 SLI

Processor: AMD Athlon 64 X2 Dual Core Processor 5600+ | Socket M2 | 2800/201mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 308,967 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP176: 2012.11.05. 1:06:33 - Windows Update

RP177: 2012.11.05. 1:16:57 - Windows Update

RP178: 2012.11.05. 3:00:38 - Windows Update

RP179: 2012.11.05. 4:45:40 - Windows Update

RP180: 2012.11.05. 8:42:48 - Windows Update

RP181: 2012.11.06. 7:59:16 - Removed Vegas Pro 11.0 (64-bit)

RP182: 2012.11.06. 8:09:42 - Removed Vegas Pro 11.0 (64-bit)

RP183: 2012.11.06. 8:12:58 - Removed Vegas Pro 11.0 (64-bit)

RP184: 2012.11.06. 8:15:30 - Removed Skype Click to Call

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.0)

CrazyGames.Lv Counter-Strike: Source v.75 Full [25.09.2012]

DAEMON Tools Lite

Driver San Francisco

EasyBits GO

ESET NOD32 Antivirus

FileZilla Client 3.5.3

Google Chrome

Google Earth Plug-in

Google Talk (remove only)

Google Talk Plugin

Google Update Helper

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Java Auto Updater

Java 6 Update 26

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 16.0.2 (x86 lv)

Mozilla Maintenance Service

MSVCRT Redists

Need for Speed Most Wanted

Notepad++

NVIDIA 3D Vision Driver 306.97

NVIDIA Control Panel 306.97

NVIDIA Graphics Driver 306.97

NVIDIA Install Application

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.10.8

NVIDIA Update Components

Octoshape add-in for Adobe Flash Player

OpenAL

Paint.NET v3.5.8

PASW Statistics 18

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Skype™ 5.10

Ubisoft Game Launcher

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VLC media player 1.1.9

Windows Live ID Sign-in Assistant

Windows Media Player Firefox Plugin

WinRAR 4.00 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

2012.11.06. 3:04:34, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

2012.11.06. 3:00:59, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

2012.11.06. 22:01:49, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2012.11.06. 21:45:33, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

2012.11.06. 21:45:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2012.11.06. 21:45:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2012.11.06. 21:45:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2012.11.06. 21:45:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2012.11.06. 21:45:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv spldr Wanarpv6

2012.11.06. 21:38:48, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2012.11.06. 21:25:12, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

2012.11.06. 21:24:41, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

2012.11.06. 21:24:34, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2012.11.06. 21:24:18, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

2012.11.06. 2:19:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

2012.11.06. 0:30:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

2012.11.06. 0:30:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

2012.11.05. 3:24:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

2012.11.05. 3:24:04, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2012.11.05. 21:56:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

2012.11.03. 14:05:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

2012.11.01. 21:41:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

2012.10.31. 19:50:03, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

.

==== End Of File ===========================

DDS

DDS (Ver_2012-11-07.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_26

Run by HJ at 23:36:27 on 2012-11-07

Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.2048.667 [GMT 2:00]

.

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253

uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [googletalk] C:\Users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 85.254.184.1 85.254.184.2

TCP: Interfaces\{F3CBBDF6-07A1-46BC-BA76-4D334433A9F5} : DHCPNameServer = 85.254.184.1 85.254.184.2

TCP: Interfaces\{F83EFB94-6FEF-47C0-BCAC-B14161A3860B} : DHCPNameServer = 85.254.184.1 85.254.184.2

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -

x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Users\HJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-12 254528]

R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-7-29 168544]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-8-12 810144]

R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-9-3 36328]

S3 OlmarikFixer;Olmarik fixer kernel-mode driver;C:\Windows\System32\drivers\OlmarikFixer.sys [2012-11-6 29552]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-14 20992]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-9-3 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-9-3 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-9-3 177640]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-9-3 146920]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-14 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-12 1255736]

.

=============== Created Last 30 ================

.

2012-11-07 18:14:12 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2B52FE2-A4A3-486B-AEE4-646067FC7EB5}\mpengine.dll

2012-11-06 19:10:08 29552 ----a-w- C:\Windows\System32\drivers\OlmarikFixer.sys

2012-11-06 05:15:33 -------- d-sh--w- C:\$RECYCLE.BIN

2012-11-06 00:19:20 98816 ----a-w- C:\Windows\sed.exe

2012-11-06 00:19:20 256000 ----a-w- C:\Windows\PEV.exe

2012-11-06 00:19:20 208896 ----a-w- C:\Windows\MBR.exe

2012-11-06 00:18:06 -------- d-----w- C:\ComboFix

2012-11-05 22:30:01 -------- d-----w- C:\Users\HJ\AppData\Local\Apps

2012-11-05 22:30:00 -------- d-----w- C:\Users\HJ\AppData\Local\Deployment

2012-11-05 19:57:46 -------- d-----w- C:\Users\HJ\AppData\Roaming\Malwarebytes

2012-11-05 19:57:17 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-05 19:57:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-04 23:40:48 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-11-04 23:40:48 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-11-04 23:40:48 6200680 ----a-w- C:\Windows\System32\nvcpl.dll

2012-11-04 23:40:48 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-11-04 23:40:48 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-11-04 23:40:48 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-11-04 23:40:12 60776 ----a-w- C:\Windows\System32\OpenCL.dll

2012-11-04 23:40:12 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-11-04 23:38:53 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2012-11-04 23:38:38 -------- d-----w- C:\Program Files\NVIDIA Corporation

2012-11-04 23:30:26 -------- d-----w- C:\Windows\lv-LV

2012-11-04 23:30:17 -------- d-----w- C:\Windows\SysWow64\wbem\lv-LV

2012-11-04 23:30:17 -------- d-----w- C:\Windows\SysWow64\drivers\lv-LV

2012-11-04 23:30:11 -------- d-----w- C:\Windows\System32\wbem\lv-LV

2012-11-04 23:30:11 -------- d-----w- C:\Windows\System32\drivers\lv-LV

2012-11-04 23:19:44 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\scfilter.sys.mui

2012-11-04 23:19:08 3584 ----a-w- C:\Windows\System32\drivers\lv-LV\portcls.sys.mui

2012-11-04 23:19:08 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\serscan.sys.mui

2012-11-04 23:19:04 3072 ----a-w- C:\Windows\System32\drivers\lv-LV\ataport.sys.mui

2012-11-04 23:19:04 2048 ----a-w- C:\Windows\System32\drivers\lv-LV\amdide.sys.mui

2012-11-04 23:19:03 47616 ----a-w- C:\Windows\System32\drivers\lv-LV\tcpip.sys.mui

2012-11-04 23:18:33 3072 ----a-w- C:\Windows\System32\drivers\lv-LV\hidbth.sys.mui

2012-11-04 23:18:32 7168 ----a-w- C:\Windows\System32\drivers\lv-LV\bthport.sys.mui

2012-11-04 23:18:32 2560 ----a-w- C:\Windows\System32\drivers\lv-LV\BTHUSB.SYS.mui

2012-11-04 23:18:32 2048 ----a-w- C:\Windows\System32\drivers\lv-LV\bthenum.sys.mui

2012-11-04 23:01:20 -------- d-----w- C:\Users\HJ\AppData\Local\ElevatedDiagnostics

2012-11-04 23:01:02 -------- d-----w- C:\Users\HJ\AppData\Local\Diagnostics

2012-10-29 21:24:26 -------- d-----w- C:\Program Files (x86)\EA Games

2012-10-26 21:04:59 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2012-10-26 21:04:59 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

2012-10-26 21:04:59 116192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe

2012-10-26 21:04:58 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-10-26 21:04:58 261600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-10-26 21:04:58 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll

2012-10-24 19:59:20 -------- d-----w- C:\Games

2012-10-10 19:23:48 1867112 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll

2012-10-10 19:23:40 1482600 ----a-w- C:\Windows\System32\nvdispgenco64.dll

2012-10-10 19:23:38 6127464 ----a-w- C:\Windows\SysWow64\nvopencl.dll

2012-10-10 19:23:38 2574696 ----a-w- C:\Windows\SysWow64\nvcuvid.dll

2012-10-10 19:23:34 25256296 ----a-w- C:\Windows\System32\nvcompiler.dll

2012-10-10 19:23:24 7414632 ----a-w- C:\Windows\System32\nvopencl.dll

2012-10-10 19:23:24 2731880 ----a-w- C:\Windows\System32\nvapi64.dll

2012-10-10 19:23:06 9146728 ----a-w- C:\Windows\System32\nvcuda.dll

2012-10-10 19:23:04 7697768 ----a-w- C:\Windows\SysWow64\nvcuda.dll

2012-10-10 19:23:00 2218344 ----a-w- C:\Windows\System32\nvcuvenc.dll

2012-10-10 19:23:00 12501352 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll

2012-10-10 19:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll

2012-10-10 19:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll

2012-10-10 19:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll

2012-10-10 19:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll

2012-10-10 19:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll

2012-10-10 19:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll

2012-10-10 19:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys

2012-10-10 19:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll

2012-10-10 16:32:50 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-10-10 16:32:50 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-10-10 16:32:42 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-10 16:32:42 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-10 16:32:41 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-10 16:32:41 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-10 16:32:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-10 16:32:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

==================== Find3M ====================

.

2012-10-10 19:23:48 18252136 ----a-w- C:\Windows\System32\nvd3dumx.dll

2012-10-10 19:23:10 14922600 ----a-w- C:\Windows\System32\nvwgf2umx.dll

2012-10-09 19:14:18 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 19:14:18 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-02 11:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-28 07:05:04 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 23:40:14,82 ===============


Step 1

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • aswMBR log


Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.08.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

HJ :: PC_BLACK [administrator]

2012.11.08. 21:36:19

mbam-log-2012-11-08 (21-36-19).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 228395

Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

ComboFix 12-11-08.01 - HJ 012.11.09. 1:43.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.2048.1030 [GMT 2:00]

Running from: c:\users\HJ\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\HJ\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))

.

.

2012-11-09 00:17 . 2012-11-09 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-07 18:14 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2B52FE2-A4A3-486B-AEE4-646067FC7EB5}\mpengine.dll

2012-11-06 19:10 . 2012-11-06 19:10 29552 ----a-w- c:\windows\system32\drivers\OlmarikFixer.sys

2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\HJ\AppData\Local\Apps

2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\HJ\AppData\Local\Deployment

2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\users\HJ\AppData\Roaming\Malwarebytes

2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\programdata\Malwarebytes

2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-04 23:42 . 2012-11-04 23:42 -------- d-----w- c:\users\UpdatusUser

2012-11-04 23:41 . 2012-11-09 00:19 -------- d-----w- c:\programdata\NVIDIA

2012-11-04 23:40 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

2012-11-04 23:40 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll

2012-11-04 23:40 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-11-04 23:40 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-11-04 23:40 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-11-04 23:40 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-11-04 23:40 . 2012-10-10 19:24 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-11-04 23:40 . 2012-10-10 19:23 60776 ----a-w- c:\windows\system32\OpenCL.dll

2012-11-04 23:38 . 2012-11-04 23:38 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-11-04 23:38 . 2012-11-04 23:42 -------- d-----w- c:\program files\NVIDIA Corporation

2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\lv-LV

2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\SysWow64\wbem\lv-LV

2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\SysWow64\drivers\lv-LV

2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\system32\wbem\lv-LV

2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\system32\drivers\lv-LV

2012-11-04 23:01 . 2012-11-04 23:01 -------- d-----w- c:\users\HJ\AppData\Local\ElevatedDiagnostics

2012-11-04 23:01 . 2012-11-04 23:01 -------- d-----w- c:\users\HJ\AppData\Local\Diagnostics

2012-10-29 21:24 . 2012-10-29 21:24 -------- d-----w- c:\program files (x86)\EA Games

2012-10-24 19:59 . 2012-10-24 19:59 -------- d-----w- C:\Games

2012-10-10 19:23 . 2012-10-10 19:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-10-10 19:23 . 2012-10-10 19:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-10-10 19:23 . 2012-10-10 19:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-10-10 19:23 . 2012-10-10 19:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-10-10 19:23 . 2012-10-10 19:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

2012-10-10 19:23 . 2012-10-10 19:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll

2012-10-10 19:23 . 2012-10-10 19:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll

2012-10-10 19:23 . 2012-10-10 19:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll

2012-10-10 19:23 . 2012-10-10 19:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-10-10 19:23 . 2012-10-10 19:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-10-10 19:23 . 2012-10-10 19:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-10-10 19:22 . 2012-10-10 19:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-10-10 19:22 . 2012-10-10 19:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll

2012-10-10 19:22 . 2012-10-10 19:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-10-10 19:22 . 2012-10-10 19:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-10-10 19:22 . 2012-10-10 19:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll

2012-10-10 19:22 . 2012-10-10 19:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-10-10 19:22 . 2012-10-10 19:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-10-10 19:22 . 2012-10-10 19:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-10-10 16:32 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-10 16:32 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-10 16:32 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 16:32 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-10 16:32 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 16:32 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 16:32 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-10 16:32 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-10 19:23 . 2009-07-13 21:59 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-10-10 19:23 . 2009-07-13 21:59 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-10-09 19:14 . 2012-03-29 05:41 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 19:14 . 2011-05-18 16:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-09-27 22:18 . 2011-08-15 20:29 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-08-28 07:05 . 2012-09-03 18:53 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-08-28 07:04 . 2012-08-28 07:04 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2012-08-28 07:04 . 2012-08-28 07:04 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll

2012-08-28 07:04 . 2012-08-28 07:04 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll

2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll

2012-08-28 07:04 . 2012-08-28 07:04 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll

2012-08-28 07:04 . 2012-08-28 07:04 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll

2012-08-28 07:04 . 2012-08-28 07:04 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll

2012-08-28 07:04 . 2012-08-28 07:04 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-08-28 07:04 . 2012-08-28 07:04 30568 ----a-w- c:\windows\MusiccityDownload.exe

2012-08-28 07:04 . 2012-08-28 07:04 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll

2012-08-28 07:04 . 2012-08-28 07:04 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax

2012-08-28 07:04 . 2012-08-28 07:04 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll

2012-08-28 07:04 . 2012-08-28 07:04 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax

2012-08-28 07:04 . 2012-08-28 07:04 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll

2012-08-28 07:04 . 2012-08-28 07:04 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax

2012-08-28 07:04 . 2012-09-03 18:52 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-08-28 07:04 . 2012-08-28 07:04 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll

2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll

2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll

2012-08-28 07:04 . 2012-08-28 07:04 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax

2012-08-28 07:04 . 2012-08-28 07:04 491520 ----a-w- c:\windows\SysWow64\muzapp.dll

2012-08-28 07:04 . 2012-08-28 07:04 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-08-28 07:04 . 2012-08-28 07:04 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll

2012-08-28 07:04 . 2012-08-28 07:04 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll

2012-08-28 07:04 . 2012-08-28 07:04 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax

2012-08-28 07:04 . 2012-08-28 07:04 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll

2012-08-28 07:04 . 2012-08-28 07:04 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe

2012-08-28 07:04 . 2012-08-28 07:04 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll

2012-08-28 07:04 . 2012-08-28 07:04 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax

2012-08-24 11:15 . 2012-09-22 08:17 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-22 08:17 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-22 08:17 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-22 08:17 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-22 08:17 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-22 08:17 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-22 08:18 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-22 08:17 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-22 08:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-22 08:17 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-22 08:17 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-22 08:17 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-22 08:17 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-22 08:18 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-22 08:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-22 08:18 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-22 08:17 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-22 08:17 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-22 08:17 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-22 08:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-22 08:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-22 08:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-12 17:17 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 17:17 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 17:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 17:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-25 18:56 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-20 17:38 . 2012-10-10 16:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"googletalk"="c:\users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-31 964024]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2012-06-27 36328]

R3 OlmarikFixer;Olmarik fixer kernel-mode driver;c:\windows\system32\drivers\OlmarikFixer.sys [2012-11-06 29552]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-11 1255736]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-12 254528]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:14]

.

2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 09:10]

.

2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 09:10]

.

2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000Core.job

- c:\users\HJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16]

.

2012-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000UA.job

- c:\users\HJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2916584]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 85.254.184.1 85.254.184.2

FF - ProfilePath - c:\users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

AddRemove-Driver San Francisco - c:\driver san francisco\Uninstall\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Completion time: 2012-11-09 02:40:48 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-09 00:40

ComboFix2.txt 2012-11-06 01:29

.

Pre-Run: 359 770 533 888 bytes free

Post-Run: 359 197 511 680 bytes free

.

- - End Of File - - 9457A5EC5B369A0BDAE5BED0D4F4A43D

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next reply, post the following log files:

  • JRT log
  • ESET Online Scanner log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 2.9.1 (11.09.2012)

OS: Windows 7 Ultimate x64

Ran by HJ on 2012.11.10. at 9:59:51,11

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [Folder] C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

Successfully deleted: [File] C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\searchplugins\conduit.xml

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 2012.11.10. at 13:27:50,17

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-11-10 01:57:32

# local_time=2012-11-10 03:57:32 (+0200, FLE Standard Time)

# country="Latvia"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776573 100 94 29597 104178262 0 0

# compatibility_mode=8199 39157181 100 76 63278 70936762 0 0

# scanned=213622

# found=1

# cleaned=1

# scan_time=7439

C:\Users\HJ\Downloads\GSA.EMail.Spider.5.30.INC.SERIAL-MKDEV.TEAM\email_spider.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

This topic is now closed to further replies.