Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Google warns uBlock Origin and other extensions may be disabled soon

Featured Deal: Train to be a certified ethical hacker with this $50 course bundle deal

Latest Buyer's Guide:    PureVPN review: How good is it in 2024?

Generic User Avatar

Hard drive failure critical error #2

Started by hj_black , Nov 05 2012 05:53 PM

  • This topic is locked This topic is locked
120 replies to this topic

#1 hj_black

hj_black

  • Avatar image
  • Members
  • 65 posts
  • OFFLINE
    •  
  • Local time:05:18 AM

Posted 05 November 2012 - 05:53 PM

Mod Edit: Merged posts by OP, pruned other posts before moving topic to Malware Removal Logs - Hamluis.


Hi guys,

im new here and my english is bad (sorry for that)

Yesterday i got that nasty HardDriveDiagnosic malware....

Today i tryed to follow Remove Hard Drive Diagnostic uninstall guide and catch 4 malwares, but i dod thet in safe mode, because like others i have all my files and programms hidden and cant connect to internet propely...

After i run uninstall guide and delete 4 malwares in malwarebyters programm, my pc is still not funcioning right and ESET says im having Win32/Olmarik.TDL4 trojan in RAM...

plz help

John

P.S. im running Win7 64bit

I Run - Remove Hard Drive Diagnostic (Uninstall Guide) till 17. item, its found 4 malwares and i deleted it, but when i eanted to doeload unhide.exe after restart its still crashed IE (because firefox cannot start) and ESET says that i have Win32/Olmarik.TDL4 trojan in RAM...

I dowload TDSSkiller, but its not running...
ESET online scanner found 0 threats

on my head i run combofix, its returned all items, i will try normal mode, because i managed to doenload files in olny safe mode with networking...

P.S. heres combofix log

ComboFix 12-11-05.03 - HJ 012.11.06. 2:27.1.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.2048.555 [GMT 2:00]
Running from: c:\users\HJ\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Q3IpIqj7q62U2a
c:\windows\7Loader.TAG
c:\windows\PFRO.log
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\tmpF377.tmp
c:\windows\SysWow64\tmpF387.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 01:03 . 2012-11-06 01:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-05 23:49 . 2012-11-05 23:49 -------- d-----w- c:\program files (x86)\ESET
2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\HJ\AppData\Local\Apps
2012-11-05 22:30 . 2012-11-05 22:30 -------- d-----w- c:\users\HJ\AppData\Local\Deployment
2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\users\HJ\AppData\Roaming\Malwarebytes
2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\programdata\Malwarebytes
2012-11-05 19:57 . 2012-11-05 19:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-04 23:42 . 2012-11-04 23:42 -------- d-----w- c:\users\UpdatusUser
2012-11-04 23:41 . 2012-11-05 22:12 -------- d-----w- c:\programdata\NVIDIA
2012-11-04 23:40 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-11-04 23:40 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-11-04 23:40 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-11-04 23:40 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-11-04 23:40 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-04 23:40 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-11-04 23:40 . 2012-10-10 19:24 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-11-04 23:40 . 2012-10-10 19:23 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-11-04 23:38 . 2012-11-04 23:38 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-11-04 23:38 . 2012-11-04 23:42 -------- d-----w- c:\program files\NVIDIA Corporation
2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\lv-LV
2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\SysWow64\wbem\lv-LV
2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\SysWow64\drivers\lv-LV
2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\system32\wbem\lv-LV
2012-11-04 23:30 . 2012-11-04 23:30 -------- d-----w- c:\windows\system32\drivers\lv-LV
2012-11-04 23:01 . 2012-11-04 23:01 -------- d-----w- c:\users\HJ\AppData\Local\ElevatedDiagnostics
2012-11-04 23:01 . 2012-11-04 23:01 -------- d-----w- c:\users\HJ\AppData\Local\Diagnostics
2012-11-02 18:10 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D61394FB-1100-4B0E-A18C-B9B49084CB8C}\mpengine.dll
2012-10-29 21:24 . 2012-10-29 21:24 -------- d-----w- c:\program files (x86)\EA Games
2012-10-24 19:59 . 2012-10-24 19:59 -------- d-----w- C:\Games
2012-10-10 19:23 . 2012-10-10 19:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 19:23 . 2012-10-10 19:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 19:23 . 2012-10-10 19:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 19:23 . 2012-10-10 19:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 19:23 . 2012-10-10 19:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 19:23 . 2012-10-10 19:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 19:23 . 2012-10-10 19:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 19:23 . 2012-10-10 19:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 19:23 . 2012-10-10 19:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 19:23 . 2012-10-10 19:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 19:23 . 2012-10-10 19:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 19:22 . 2012-10-10 19:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 19:22 . 2012-10-10 19:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 19:22 . 2012-10-10 19:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 19:22 . 2012-10-10 19:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 19:22 . 2012-10-10 19:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 19:22 . 2012-10-10 19:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 19:22 . 2012-10-10 19:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 19:22 . 2012-10-10 19:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-10 16:32 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 16:32 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 16:32 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 16:32 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 16:32 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 16:32 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 16:32 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 16:32 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 19:23 . 2009-07-13 21:59 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 19:23 . 2009-07-13 21:59 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-09 19:14 . 2012-03-29 05:41 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 19:14 . 2011-05-18 16:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-27 22:18 . 2011-08-15 20:29 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-28 07:05 . 2012-09-03 18:53 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-08-28 07:04 . 2012-08-28 07:04 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-08-28 07:04 . 2012-08-28 07:04 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-08-28 07:04 . 2012-08-28 07:04 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-08-28 07:04 . 2012-08-28 07:04 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-08-28 07:04 . 2012-08-28 07:04 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-08-28 07:04 . 2012-08-28 07:04 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-08-28 07:04 . 2012-08-28 07:04 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-08-28 07:04 . 2012-08-28 07:04 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-08-28 07:04 . 2012-08-28 07:04 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-08-28 07:04 . 2012-08-28 07:04 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-08-28 07:04 . 2012-08-28 07:04 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-08-28 07:04 . 2012-08-28 07:04 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-08-28 07:04 . 2012-08-28 07:04 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-08-28 07:04 . 2012-08-28 07:04 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-08-28 07:04 . 2012-09-03 18:52 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-08-28 07:04 . 2012-08-28 07:04 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-08-28 07:04 . 2012-08-28 07:04 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-08-28 07:04 . 2012-08-28 07:04 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-08-28 07:04 . 2012-08-28 07:04 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-08-28 07:04 . 2012-08-28 07:04 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-08-28 07:04 . 2012-08-28 07:04 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-08-28 07:04 . 2012-08-28 07:04 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-08-28 07:04 . 2012-08-28 07:04 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-08-28 07:04 . 2012-08-28 07:04 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-08-28 07:04 . 2012-08-28 07:04 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-08-28 07:04 . 2012-08-28 07:04 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-08-28 07:04 . 2012-08-28 07:04 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-08-24 11:15 . 2012-09-22 08:17 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 08:17 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 08:17 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 08:17 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 08:17 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 08:17 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 08:18 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 08:17 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 08:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 08:17 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 08:17 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 08:17 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 08:17 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 08:18 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 08:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 08:18 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 08:17 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 08:17 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 08:17 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 08:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 08:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 08:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 17:17 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 17:17 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 17:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 17:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 18:56 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 16:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"googletalk"="c:\users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-31 964024]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2012-06-27 36328]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-11 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-12 254528]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:14]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 09:10]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 09:10]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000Core.job
- c:\users\HJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000UA.job
- c:\users\HJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 17:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2916584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 85.254.184.1 85.254.184.2
FF - ProfilePath - c:\users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKCU-Run-cDwQgxKRTfxQaqo.exe - c:\programdata\cDwQgxKRTfxQaqo.exe
Wow6432Node-HKCU-Run-Q3IpIqj7q62U2a - c:\programdata\Q3IpIqj7q62U2a.exe
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-06 03:29:39
ComboFix-quarantined-files.txt 2012-11-06 01:29
.
Pre-Run: 76 918 349 824 bytes free
Post-Run: 77 407 498 240 bytes free
.
- - End Of File - - 54E226D2B2AE78D5C1420A34769C60A1

i run unhide.exe and restarted pc... (seems like combofix worked and i got some files back..)

but its seems to not be fine

internet connection is very slow and computer working slow...

its crashed desktop gadgets http://www.bildites.lv/images/u72rf2t4v4i73yth1r0.jpg

and crashed windows explorer http://www.bildites.lv/images/q12ufn2zyyivcuw33.jpg

i didt manage to run not TDSSkiller or aswMBR

my pc reezed i did manual restart with button and when its started still slow and eset show olmarik trojan still... :(

its crashing even when im trying to apen .jpg file http://www.bildites.lv/images/96wu4ururlams1r7ja6a.jpg

Edited by hamluis, 06 November 2012 - 06:56 AM.
Merged posts, moved from Am I Infected to Malware Removal Logs - Hamluis.

BC AdBot (Login to Remove)

 

#2 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 58,838 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:07:18 PM

Posted 10 November 2012 - 05:33 PM

Greetings John and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please complete the below.


===================================================


GET xPUD MBR Dump

--------------------

For this step you will need a USB device and a blank CD. I have provided step by step instructions for this process in order to simplify the detailed task.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Double click the Posted Image icon
  • Click Run
  • Double click the Posted Image folder which should now be on your desktop
  • Double click on Posted Image
  • The program will download xpud_0.9.2.iso, and when it is finished it will open a BurnCDCC window

    Posted Image
  • Click on Start, insert a blank CD when instructed, then click OK
  • When completed, the CD will eject for removal
  • Remove the CD and insert it and the USB device into the infected computer
  • Boot the infected computer with the CD you just burned
  • As the computer boots up gently tap F12 and choose to boot from the CD by using the keyboard arrow keys to highlight CD/DVD and then hit Enter
  • At the first screen select English
  • A Welcome to xPUD screen will appear
  • Press File
  • Under File System on the left hand side click on the triangle symbol to expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Double click on the folder that represents your USB drive (sdb1 ?).
  • If you do not see it, please remove the USB device, wait about 5 seconds, reinsert it, then click on the Refresh icon to the left of the house icon near the top of your screen. It should be added under mnt
  • On the top bar select Tool then select Open Terminal
  • Now please type the following and press Enter. Makes sure there is a space between the different colors.

    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • After it has finished (within just a few seconds) a file will be located on your USB drive named mbr.bin. Please ensure the file is there
  • Remove the USB drive, insert it back in your working computer
  • Navigate to mbr.bin, zip the file, and attach it to your next reply.

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • mbr.zip

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.
John 6:68-69

#3 hj_black

hj_black
  • Topic Starter

  • Avatar image
  • Members
  • 65 posts
  • OFFLINE
    •  
  • Local time:05:18 AM

Posted 11 November 2012 - 11:21 AM

i hope its ok , file is in .rar archive

http://files.fm/u/ntovqxy

#4 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 58,838 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:07:18 PM

Posted 11 November 2012 - 02:33 PM

Hi John,

Thank you for the information, I was able to access it. Your Master Boot Record (MBR) is infected. In order to clean it I would like you to perform the following for me, if you would.


===================================================


Run tdl_fix.sh

--------------------

  • Download tdl_fix.sh and save it to the xPUD flash drive.
  • Boot into xPUD in the same manner as you did last time
  • Press File
  • Expand mnt
  • Click on the folder under mnt that represents your USB drive (sdb1 ?)
    • Note: If you do not see a USB drive remove it, wait 5 seconds and reinsert it back into the computer.
  • You should see the tdl_fix.sh file in the main window.
  • Select Tool from the Menu
  • Choose Open Terminal
  • Type bash tdl_fix.sh then press Enter
  • Read the warning then type y and press Enter to continue.
  • Type sda then press Enter when prompted.
  • You will be shown a list of partitions to choose marking active.
  • Type 1 then press Enter
  • If you are presented with a warning about no bootloader files, stop here and advise me
  • When you select a partition and receive no warning about bootloader files but are presented with another view of the partition structure and asked if it looks correct, type y then press Enter
  • The script will complete and prompt you to reboot the computer.
  • Close the Terminal window and restart back into Windows.
  • Post the contents of the tdl_fix.txt file that was created on your flash drive and let me know how the computer is behaving.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • tdl log
  • Were you able to boot into Normal Mode?
  • How is your computer running now?

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.
John 6:68-69

#5 hj_black

hj_black
  • Topic Starter

  • Avatar image
  • Members
  • 65 posts
  • OFFLINE
    •  
  • Local time:05:18 AM

Posted 11 November 2012 - 04:25 PM

2012-11-11-23:16:37

The following drives were found
sda
sdb
User has chosen drive sda
backing up mbr to tdl_mbr_sda.bin


Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders, total 976773168 sectors
Units = sectors of 1 * 512 = 512 bytes

Device Boot Start End Blocks Id System
/dev/sda1 63 976742447 488371192+ 7 HPFS/NTFS
/dev/sda2 * 976744448 976764927 10240 17 Hidden HPFS/NTFS

Model: ATA WDC WD5000ABYS-0 (scsi)
Disk /dev/sda: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 32.3kB 500GB 500GB primary ntfs
2 500GB 500GB 10.5MB primary ntfs boot, hidden


User has chosen to make partition 1 active

Model: ATA WDC WD5000ABYS-0 (scsi)
Disk /dev/sda: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 32.3kB 500GB 500GB primary ntfs boot
2 500GB 500GB 10.5MB primary ntfs hidden


User has accepted changes


i was able to start pc in normal mode, but its still crashing some applications like desktop gadgets...

but my internet connection is better, like always + all programms are working faster

its my bad i put flash drive in infected pc and now its showin this message

Posted Image

#6 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 58,838 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:07:18 PM

Posted 11 November 2012 - 05:24 PM

Hi John,

Let's hold off using the flash drive. Did ESET automatically detect the file or did you scan it?

Please do this for me.


===================================================


BlueScreenView

----------

  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
More information about the program can be found here


===================================================


OTL

--------------------

Please download OTL here.

  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Copy and paste the two reports in your next reply.

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • BSOD log
  • OTL log
  • Extra log

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.
John 6:68-69

#7 hj_black

hj_black
  • Topic Starter

  • Avatar image
  • Members
  • 65 posts
  • OFFLINE
    •  
  • Local time:05:18 AM

Posted 11 November 2012 - 06:31 PM

ESET automatically detect

BSOD

==================================================
Dump File : 101112-22105-01.dmp
Crash Time : 2012.10.11. 4:00:04
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : fffff6fc`8061db50
Parameter 2 : ffffffff`c000000e
Parameter 3 : 00000000`558bc880
Parameter 4 : fffff900`c3b6a588
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17944 (win7sp1_gdr.120830-0333)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101112-22105-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 291 144
==================================================

==================================================
Dump File : 033112-21028-01.dmp
Crash Time : 2012.03.31. 14:11:28
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : ffffffff`87a75bc0
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`0757f6fb
Parameter 4 : 00000000`00000005
Caused By Driver : dxgmms1.sys
Caused By Address : dxgmms1.sys+5ee3
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cd40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\033112-21028-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 291 176
==================================================

==================================================
Dump File : 020412-21028-01.dmp
Crash Time : 2012.02.04. 14:06:47
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : ffffffff`81450140
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`073766fb
Parameter 4 : 00000000`00000005
Caused By Driver : fltmgr.sys
Caused By Address : fltmgr.sys+4785
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\020412-21028-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 291 112
==================================================

==================================================
Dump File : 110411-29172-01.dmp
Crash Time : 2011.11.04. 19:55:27
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`04b6b140
Parameter 2 : fffff880`075b06c0
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000002
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5d000
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\110411-29172-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 918 424
==================================================

==================================================
Dump File : 071411-27799-01.dmp
Crash Time : 2011.07.14. 3:40:26
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : fffff6fc`5000e248
Parameter 2 : ffffffff`c000000e
Parameter 3 : 00000000`584c1820
Parameter 4 : fffff8a0`01c49004
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70700
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17944 (win7sp1_gdr.120830-0333)
Processor : x64
Crash Address : ntoskrnl.exe+70700
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\071411-27799-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 286 000
==================================================

OTL

OTL logfile created on: 2012.11.12. 1:16:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HJ\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000426 | Country: Latvija | Language: LVI | Date Format: yyyy.MM.dd.

2,00 Gb Total Physical Memory | 0,42 Gb Available Physical Memory | 20,77% Memory free
4,00 Gb Paging File | 1,79 Gb Available in Paging File | 44,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 334,52 Gb Free Space | 71,82% Space Free | Partition Type: NTFS

Computer Name: PC_BLACK | User Name: HJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.12 01:15:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HJ\Desktop\OTL.exe
PRC - [2012.11.11 23:28:33 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012.10.26 23:05:08 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.09 21:14:18 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.31 08:52:22 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.08.31 08:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.08.31 08:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2011.04.08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.08.12 13:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2007.01.01 23:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.11 23:28:32 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012.11.09 08:51:00 | 000,115,137 | ---- | M] () -- C:\Users\HJ\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
MOD - [2012.10.26 23:05:07 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.10.09 21:14:18 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012.09.05 21:53:47 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0e56badd6e20e2dc81c45cdff2326f6b\System.ServiceProcess.ni.dll
MOD - [2012.09.05 21:53:13 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0189f9fb0ff0476b570aeadfc036ddd6\System.Management.ni.dll
MOD - [2012.09.05 21:51:25 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\367837cb7f83c9e52f09278f4e6c3ccd\System.Runtime.Remoting.ni.dll
MOD - [2012.09.04 21:03:00 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll
MOD - [2012.09.03 20:20:12 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll
MOD - [2012.09.03 20:20:03 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d55bed00e3d36b0db5bd3994c77fe850\System.Windows.Forms.ni.dll
MOD - [2012.09.03 20:19:49 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d131eefaea0ca120aaf11568d8e44cad\System.Configuration.ni.dll
MOD - [2012.09.03 20:19:42 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll
MOD - [2012.09.03 20:19:30 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9abdaeea6a61127606bbc324d9177579\System.Drawing.ni.dll
MOD - [2012.09.03 20:19:19 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll
MOD - [2012.09.03 20:19:17 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll
MOD - [2012.09.03 20:19:15 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\fd52e266873de847aea40b1d0715e0bb\PresentationFramework.Aero.ni.dll
MOD - [2012.09.03 20:19:14 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll
MOD - [2012.09.03 20:18:54 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll
MOD - [2012.09.03 20:18:46 | 014,415,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll
MOD - [2012.08.31 08:52:22 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010.08.12 13:18:40 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010.08.12 13:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.11.11 23:28:34 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.26 23:05:07 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.11.06 21:10:08 | 000,029,552 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OlmarikFixer.sys -- (OlmarikFixer)
DRV:64bit: - [2012.06.27 10:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012.06.27 10:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2012.06.27 10:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2012.06.27 10:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2012.06.27 10:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2012.06.27 10:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2012.06.27 10:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2012.06.27 10:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.04.12 23:03:57 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.07.29 12:31:26 | 000,168,544 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010.07.29 12:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010.07.29 12:31:26 | 000,126,320 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1412460427-476387233-3659720830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3072253
IE - HKU\S-1-5-21-1412460427-476387233-3659720830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = lv-LV
IE - HKU\S-1-5-21-1412460427-476387233-3659720830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 8B 91 53 4B F9 CB 01 [binary data]
IE - HKU\S-1-5-21-1412460427-476387233-3659720830-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1412460427-476387233-3659720830-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1412460427-476387233-3659720830-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1412460427-476387233-3659720830-1000\..\SearchScopes\{8FB067DF-4A50-481C-9B9A-EB2B91236696}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-1412460427-476387233-3659720830-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-1412460427-476387233-3659720830-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..CT3072253.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 23:05:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.11 23:32:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.08.13 07:01:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 23:05:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.11 23:32:32 | 000,000,000 | ---D | M]

[2011.04.12 22:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HJ\AppData\Roaming\Mozilla\Extensions
[2012.11.10 13:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\extensions
[2012.11.02 20:18:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.09.12 20:29:17 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\extensions\youtube2mp3@mondayx.de.xpi
[2011.04.12 23:03:42 | 000,002,059 | ---- | M] () -- C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\searchplugins\daemon-search.xml
[2012.11.06 08:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.26 23:05:08 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,000,908 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\dict-enlv.xml
[2010.01.01 10:00:00 | 000,005,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\salidzinilv.xml
[2010.01.01 10:00:00 | 000,000,894 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\sslv.xml
[2010.01.01 10:00:00 | 000,001,177 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-lv.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\HJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\HJ\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - Extension: Google disks = C:\Users\HJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\HJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google mekl\u0113\u0161ana = C:\Users\HJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: uTorrentControl2 = C:\Users\HJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Gmail = C:\Users\HJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.11.09 02:20:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1412460427-476387233-3659720830-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1412460427-476387233-3659720830-1000..\Run: [googletalk] C:\Users\HJ\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-1412460427-476387233-3659720830-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1412460427-476387233-3659720830-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1412460427-476387233-3659720830-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1412460427-476387233-3659720830-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1412460427-476387233-3659720830-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1412460427-476387233-3659720830-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1412460427-476387233-3659720830-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1412460427-476387233-3659720830-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1412460427-476387233-3659720830-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.254.184.1 85.254.184.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3CBBDF6-07A1-46BC-BA76-4D334433A9F5}: DhcpNameServer = 85.254.184.1 85.254.184.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F83EFB94-6FEF-47C0-BCAC-B14161A3860B}: DhcpNameServer = 85.254.184.1 85.254.184.2
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.12 01:15:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HJ\Desktop\OTL.exe
[2012.11.12 01:14:22 | 000,000,000 | ---D | C] -- C:\Users\HJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2012.11.12 01:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2012.11.11 23:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.11.11 23:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.11.11 23:30:27 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.11.11 23:30:27 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.11.11 23:30:27 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.11.11 23:30:11 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.11.11 23:30:11 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.11.11 23:30:11 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.11.11 23:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.11.10 13:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.11.10 03:56:42 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.11.10 03:56:19 | 000,000,000 | ---D | C] -- C:\JRT
[2012.11.09 08:50:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.09 02:41:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.09 01:36:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.11.07 20:24:14 | 000,688,901 | ---- | C] (Swearware) -- C:\Users\HJ\Desktop\dds.com
[2012.11.07 20:24:02 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\HJ\Desktop\dds.scr
[2012.11.06 21:10:08 | 000,029,552 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\OlmarikFixer.sys
[2012.11.06 21:10:08 | 000,000,000 | ---D | C] -- C:\Users\HJ\Desktop\EOlmarikTdl4Cleaner.20121106.211008.2820
[2012.11.06 21:09:59 | 000,327,704 | ---- | C] (ESET) -- C:\Users\HJ\Desktop\EOlmarikTdl4Cleaner.exe
[2012.11.06 07:05:38 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\HJ\Desktop\aswMBR.exe
[2012.11.06 02:19:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.06 02:19:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.06 02:19:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.06 02:11:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.06 02:10:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.06 02:10:21 | 004,998,107 | R--- | C] (Swearware) -- C:\Users\HJ\Desktop\ComboFix.exe
[2012.11.06 01:43:39 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\HJ\Desktop\tdsskiller (1).exe
[2012.11.06 00:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.06 00:30:01 | 000,000,000 | ---D | C] -- C:\Users\HJ\AppData\Local\Apps
[2012.11.06 00:30:00 | 000,000,000 | ---D | C] -- C:\Users\HJ\AppData\Local\Deployment
[2012.11.05 21:57:46 | 000,000,000 | ---D | C] -- C:\Users\HJ\AppData\Roaming\Malwarebytes
[2012.11.05 21:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.05 21:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.05 21:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.05 21:55:16 | 010,669,896 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\HJ\Desktop\mbam-setup.exe
[2012.11.05 21:52:11 | 001,679,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\HJ\Desktop\iExplore.exe
[2012.11.05 21:50:47 | 000,000,000 | ---D | C] -- C:\Users\HJ\Desktop\rkill
[2012.11.05 21:50:20 | 001,679,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\HJ\Desktop\rkill.exe
[2012.11.05 09:33:09 | 000,000,000 | ---D | C] -- C:\Users\HJ\Desktop\RK_Quarantine
[2012.11.05 03:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.11.05 01:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.11.05 01:40:48 | 006,200,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.11.05 01:40:48 | 003,293,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.11.05 01:40:48 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.11.05 01:40:48 | 000,118,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.11.05 01:40:48 | 000,063,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.11.05 01:40:12 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.11.05 01:40:12 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.11.05 01:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.11.05 01:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.11.05 01:30:26 | 000,000,000 | ---D | C] -- C:\Windows\lv-LV
[2012.11.05 01:30:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\lv-LV
[2012.11.05 01:30:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\lv-LV
[2012.11.05 01:19:44 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\lv-LV\scfilter.sys.mui
[2012.11.05 01:19:44 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\lv-LV\scfilter.sys.mui
[2012.11.05 01:19:28 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\lv-LV\tcpip.sys.mui
[2012.11.05 01:19:08 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\lv-LV\portcls.sys.mui
[2012.11.05 01:19:08 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\lv-LV\serscan.sys.mui
[2012.11.05 01:19:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\lv-LV\ataport.sys.mui
[2012.11.05 01:19:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\lv-LV\amdide.sys.mui
[2012.11.05 01:19:03 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\lv-LV\tcpip.sys.mui
[2012.11.05 01:18:33 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\lv-LV\hidbth.sys.mui
[2012.11.05 01:18:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\lv-LV\bthport.sys.mui
[2012.11.05 01:18:32 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\lv-LV\BTHUSB.SYS.mui
[2012.11.05 01:18:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\lv-LV\bthenum.sys.mui
[2012.11.05 01:01:20 | 000,000,000 | ---D | C] -- C:\Users\HJ\AppData\Local\ElevatedDiagnostics
[2012.11.05 01:01:02 | 000,000,000 | ---D | C] -- C:\Users\HJ\AppData\Local\Diagnostics
[2012.11.05 00:45:35 | 000,000,000 | ---D | C] -- C:\Users\HJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Restore
[2012.10.30 00:26:06 | 000,000,000 | ---D | C] -- C:\Users\HJ\Documents\Criterion Games
[2012.10.29 23:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2012.10.29 23:24:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2012.10.26 23:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.24 21:59:20 | 000,000,000 | ---D | C] -- C:\Games
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.12 01:20:10 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.12 01:15:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HJ\Desktop\OTL.exe
[2012.11.12 01:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.12 01:10:40 | 000,140,608 | ---- | M] () -- C:\Users\HJ\Desktop\bluescreenview_setup.exe
[2012.11.12 01:04:02 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000UA.job
[2012.11.12 00:04:42 | 000,036,585 | ---- | M] () -- C:\Users\HJ\Desktop\5115905.jpg
[2012.11.11 23:32:33 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.11.11 23:30:03 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.11.11 23:29:58 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.11.11 23:29:58 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.11.11 23:29:58 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.11.11 23:29:58 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.11.11 23:29:57 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.11.11 23:28:33 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.11 23:28:33 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.11 23:26:55 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.11 23:26:55 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.11 23:26:55 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.11 23:26:05 | 000,018,224 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.11 23:26:05 | 000,018,224 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.11 23:24:19 | 000,024,409 | ---- | M] () -- C:\Users\HJ\Desktop\virus.jpg
[2012.11.11 23:18:45 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.11 23:18:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.11 23:18:32 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.11 18:13:15 | 000,002,287 | ---- | M] () -- C:\Users\HJ\Desktop\Google Chrome.lnk
[2012.11.11 18:12:16 | 000,000,534 | ---- | M] () -- C:\Users\HJ\Desktop\mbr.rar
[2012.11.11 18:08:46 | 000,000,512 | ---- | M] () -- C:\Users\HJ\Desktop\mbr.bin
[2012.11.10 22:04:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1412460427-476387233-3659720830-1000Core.job
[2012.11.10 17:12:36 | 000,017,907 | ---- | M] () -- C:\Users\HJ\Desktop\still.jpg
[2012.11.10 14:51:43 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.11.10 12:49:51 | 000,086,915 | ---- | M] () -- C:\Users\HJ\Desktop\sleep.jpg
[2012.11.09 02:20:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.09 01:33:37 | 004,998,107 | R--- | M] (Swearware) -- C:\Users\HJ\Desktop\ComboFix.exe
[2012.11.07 20:24:18 | 000,688,901 | ---- | M] (Swearware) -- C:\Users\HJ\Desktop\dds.com
[2012.11.07 20:24:05 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\HJ\Desktop\dds.scr
[2012.11.06 21:10:08 | 000,029,552 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\OlmarikFixer.sys
[2012.11.06 21:10:00 | 000,327,704 | ---- | M] (ESET) -- C:\Users\HJ\Desktop\EOlmarikTdl4Cleaner.exe
[2012.11.06 08:06:49 | 000,088,840 | ---- | M] () -- C:\Users\HJ\Desktop\11111.jpg
[2012.11.06 07:31:37 | 000,045,973 | ---- | M] () -- C:\Users\HJ\Desktop\1111.jpg
[2012.11.06 07:30:52 | 000,042,451 | ---- | M] () -- C:\Users\HJ\Desktop\111.jpg
[2012.11.06 07:06:00 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\HJ\Desktop\aswMBR.exe
[2012.11.06 01:43:41 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\HJ\Desktop\tdsskiller (1).exe
[2012.11.05 21:57:18 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.05 21:56:11 | 010,669,896 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\HJ\Desktop\mbam-setup.exe
[2012.11.05 21:52:42 | 001,679,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\HJ\Desktop\iExplore.exe
[2012.11.05 21:50:21 | 001,679,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\HJ\Desktop\rkill.exe
[2012.11.05 09:36:59 | 000,015,004 | ---- | M] () -- C:\Users\HJ\Desktop\iexplore - Shortcut.lnk
[2012.11.05 00:45:35 | 000,000,677 | ---- | M] () -- C:\Users\HJ\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012.11.05 00:45:35 | 000,000,176 | ---- | M] () -- C:\ProgramData\-Q3IpIqj7q62U2ar
[2012.11.05 00:45:35 | 000,000,160 | ---- | M] () -- C:\ProgramData\-Q3IpIqj7q62U2a
[2012.11.04 18:45:41 | 000,121,528 | ---- | M] () -- C:\Users\HJ\Desktop\480282_291084587669588_1275797889_n.jpg
[2012.10.29 23:39:17 | 000,002,171 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk
[2012.10.24 22:18:59 | 000,000,830 | ---- | M] () -- C:\Users\HJ\Desktop\CrazyGames.Lv_CSS_OB.lnk
[2012.10.16 21:21:00 | 000,129,490 | ---- | M] () -- C:\Users\HJ\Desktop\iPad-2-Ten-Uses-1024x764.jpg
[2012.10.16 21:16:58 | 000,105,579 | ---- | M] () -- C:\Users\HJ\Desktop\s3b.jpg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.12 01:10:37 | 000,140,608 | ---- | C] () -- C:\Users\HJ\Desktop\bluescreenview_setup.exe
[2012.11.12 00:04:34 | 000,036,585 | ---- | C] () -- C:\Users\HJ\Desktop\5115905.jpg
[2012.11.11 23:32:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.11.11 23:32:33 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.11.11 23:24:17 | 000,024,409 | ---- | C] () -- C:\Users\HJ\Desktop\virus.jpg
[2012.11.11 18:12:39 | 000,000,512 | ---- | C] () -- C:\Users\HJ\Desktop\mbr.bin
[2012.11.11 18:12:22 | 000,000,534 | ---- | C] () -- C:\Users\HJ\Desktop\mbr.rar
[2012.11.10 17:12:34 | 000,017,907 | ---- | C] () -- C:\Users\HJ\Desktop\still.jpg
[2012.11.10 14:51:43 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.11.10 12:49:49 | 000,086,915 | ---- | C] () -- C:\Users\HJ\Desktop\sleep.jpg
[2012.11.06 08:06:46 | 000,088,840 | ---- | C] () -- C:\Users\HJ\Desktop\11111.jpg
[2012.11.06 07:31:36 | 000,045,973 | ---- | C] () -- C:\Users\HJ\Desktop\1111.jpg
[2012.11.06 07:30:50 | 000,042,451 | ---- | C] () -- C:\Users\HJ\Desktop\111.jpg
[2012.11.06 02:43:53 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.11.06 02:43:52 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.11.06 02:43:51 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.11.06 02:43:49 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.11.06 02:43:48 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.11.06 02:43:47 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.11.06 02:43:46 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012.11.06 02:43:45 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.11.06 02:43:40 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.11.06 02:43:38 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012.11.06 02:43:37 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk
[2012.11.06 02:19:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.06 02:19:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.06 02:19:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.06 02:19:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.06 02:19:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.06 00:31:02 | 000,002,287 | ---- | C] () -- C:\Users\HJ\Desktop\Google Chrome.lnk
[2012.11.05 21:57:18 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.05 09:36:59 | 000,015,004 | ---- | C] () -- C:\Users\HJ\Desktop\iexplore - Shortcut.lnk
[2012.11.05 00:45:35 | 000,000,677 | ---- | C] () -- C:\Users\HJ\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012.11.05 00:45:35 | 000,000,176 | ---- | C] () -- C:\ProgramData\-Q3IpIqj7q62U2ar
[2012.11.05 00:45:35 | 000,000,160 | ---- | C] () -- C:\ProgramData\-Q3IpIqj7q62U2a
[2012.11.04 18:45:33 | 000,121,528 | ---- | C] () -- C:\Users\HJ\Desktop\480282_291084587669588_1275797889_n.jpg
[2012.10.24 22:18:59 | 000,000,830 | ---- | C] () -- C:\Users\HJ\Desktop\CrazyGames.Lv_CSS_OB.lnk
[2012.10.16 21:20:50 | 000,129,490 | ---- | C] () -- C:\Users\HJ\Desktop\iPad-2-Ten-Uses-1024x764.jpg
[2012.10.16 21:16:52 | 000,105,579 | ---- | C] () -- C:\Users\HJ\Desktop\s3b.jpg
[2012.08.28 09:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.08.28 09:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.08.28 09:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.08.28 09:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.08.28 09:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.05.15 23:20:25 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.05.15 23:20:25 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.05.15 23:20:25 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.01.23 00:27:49 | 000,003,584 | ---- | C] () -- C:\Users\HJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.24 19:00:49 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2011.09.24 19:00:49 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2011.09.24 19:00:49 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2011.09.24 18:57:48 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.09.24 18:57:48 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.04.12 21:58:23 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2012.09.17 19:06:47 | 000,360,155 | ---- | C] ()(C:\Users\HJ\Desktop\??????? ?. - ?????? ???????????????? ????????????????.docx) -- C:\Users\HJ\Desktop\Кочюнас Р. - Основы психологического консультирования.docx
[2012.09.12 07:48:50 | 000,360,155 | ---- | M] ()(C:\Users\HJ\Desktop\??????? ?. - ?????? ???????????????? ????????????????.docx) -- C:\Users\HJ\Desktop\Кочюнас Р. - Основы психологического консультирования.docx

< End of report >

Extras

OTL Extras logfile created on: 2012.11.12. 1:16:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HJ\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000426 | Country: Latvija | Language: LVI | Date Format: yyyy.MM.dd.

2,00 Gb Total Physical Memory | 0,42 Gb Available Physical Memory | 20,77% Memory free
4,00 Gb Paging File | 1,79 Gb Available in Paging File | 44,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 334,52 Gb Free Space | 71,82% Space Free | Partition Type: NTFS

Computer Name: PC_BLACK | User Name: HJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1412460427-476387233-3659720830-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F464D7B-61AC-41F7-8E38-75C98A89F099}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C9A8451-B33C-4F30-B2E2-9E27F70ED886}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{12E6C41F-1D8E-47BD-9285-558EFB1A3986}" = protocol=17 | dir=in | app=c:\driver san francisco\driver.exe |
"{25A316CA-5DAD-4C5E-879A-724BD2486A3F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3E9C1036-2E0E-4B33-8C71-B25CEC0BCC6B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{40EFBAEB-120D-4AD1-876E-D93B47300076}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{44EA5BFE-78A5-4232-9C65-A3BD9F8628E5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{74C7DC65-C313-43E0-9018-6F789730FB98}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{7D807A88-0950-41F2-A696-F3A22282D35C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9322CD77-6A79-4107-82AC-4CD4941BC7C0}" = protocol=6 | dir=in | app=c:\driver san francisco\driver.exe |
"{99A691E0-A99A-432D-B8D4-A80033ECED6C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{BA098467-FEBB-4AEC-B799-95760169A224}" = protocol=58 | dir=in | app=system |
"{CE365510-F21A-4AD0-BCA7-6C222AC299A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F1131C8E-87A3-49EE-B9CC-3BEAD5223625}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"TCP Query User{180685B4-2011-4BF4-A5EC-4E4A68CB3990}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{48115C25-13E7-48EA-BF5C-35A4761FA54C}C:\users\hj\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\hj\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{4B2C65FE-EFE4-448A-8BD9-D340FD4856A8}C:\games\crazygames.lv_css_ob\hl2.exe" = protocol=6 | dir=in | app=c:\games\crazygames.lv_css_ob\hl2.exe |
"TCP Query User{AD689958-6A53-40F7-945A-9422FCDFDB2F}C:\program files (x86)\contra_css_ob\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\contra_css_ob\hl2.exe |
"TCP Query User{CAD9DF61-582C-43CA-B744-64A1D27534AE}C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\need for speed most wanted\nfs13.exe |
"UDP Query User{0109A897-A7F1-4C41-864D-91D64DD6FF1C}C:\games\crazygames.lv_css_ob\hl2.exe" = protocol=17 | dir=in | app=c:\games\crazygames.lv_css_ob\hl2.exe |
"UDP Query User{55E7204E-1238-4A9C-A0A4-05091F99D35B}C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\need for speed most wanted\nfs13.exe |
"UDP Query User{64B6E6F9-42A5-452B-A535-E987969F8284}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{76C35653-A2FF-4EA3-8842-762BF230C810}C:\users\hj\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\hj\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{A10C124E-8473-4027-9193-46725D74A2FD}C:\program files (x86)\contra_css_ob\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\contra_css_ob\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{29AFE1B0-26A4-11E1-BFD4-F04DA23A5C58}" = MSVCRT Redists
"{33C19CDE-E935-11E0-A0DA-F04DA23A5C58}" = MSVCRT Redists
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C5F268F1-0856-43E2-B6F1-2470EEE48D2A}" = ESET NOD32 Antivirus
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{83A5D4E9-7FE6-336D-9525-F1C879496014}" = Google Talk Plugin
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CrazyGames.Lv Counter-Strike: Source v.75 Full [~B6AF7CB6_is1" = CrazyGames.Lv Counter-Strike: Source v.75 Full [25.09.2012]
"DAEMON Tools Lite" = DAEMON Tools Lite
"Driver San Francisco" = Driver San Francisco
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 lv)" = Mozilla Firefox 16.0.2 (x86 lv)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Need for Speed Most Wanted_is1" = Need for Speed Most Wanted
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"VLC media player" = VLC media player 1.1.9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1412460427-476387233-3659720830-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012.11.10. 11:04:10 | Computer Name = PC_BLACK | Source = MsiInstaller | ID = 11714
Description =

Error - 2012.11.10. 11:05:17 | Computer Name = PC_BLACK | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bca42 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec4aa8e Exception code: 0xc00000fd Fault offset: 0x0000000000026032
Faulting
process id: 0xcfc Faulting application start time: 0x01cdbf38f2ea3ee0 Faulting application
path: C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
Faulting
module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 0965f648-2b48-11e2-a69c-00e04d278cae

Error - 2012.11.10. 11:11:00 | Computer Name = PC_BLACK | Source = Application Error | ID = 1000
Description = Faulting application name: sidebar.exe, version: 6.1.7601.17514, time
stamp: 0x4ce7a1c7 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc00000fd Fault offset: 0x0000000000054f61 Faulting
process id: 0x764 Faulting application start time: 0x01cdbf5589601040 Faulting application
path: C:\Program Files\Windows Sidebar\sidebar.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: d57dcf80-2b48-11e2-8483-00e04d278cae

Error - 2012.11.10. 16:04:27 | Computer Name = PC_BLACK | Source = MsiInstaller | ID = 11714
Description =

Error - 2012.11.10. 19:00:03 | Computer Name = PC_BLACK | Source = Application Error | ID = 1000
Description = Faulting application name: taskhost.exe, version: 6.1.7601.17514,
time stamp: 0x4ce796f7 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec4aa8e Exception code: 0xc00000fd Fault offset: 0x0000000000054f61
Faulting
process id: 0x460 Faulting application start time: 0x01cdbf6fd7d1fa30 Faulting application
path: C:\Windows\system32\taskhost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 5bf43b30-2b8a-11e2-8483-00e04d278cae

Error - 2012.11.11. 5:48:33 | Computer Name = PC_BLACK | Source = Application Error | ID = 1000
Description = Faulting application name: sidebar.exe, version: 6.1.7601.17514, time
stamp: 0x4ce7a1c7 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc00000fd Fault offset: 0x0000000000054f4a Faulting
process id: 0x8f0 Faulting application start time: 0x01cdbff18d9f4f80 Faulting application
path: C:\Program Files\Windows Sidebar\sidebar.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: f456b830-2be4-11e2-a791-00e04d278cae

Error - 2012.11.11. 6:04:06 | Computer Name = PC_BLACK | Source = MsiInstaller | ID = 11714
Description =

Error - 2012.11.11. 12:11:36 | Computer Name = PC_BLACK | Source = Application Error | ID = 1000
Description = Faulting application name: sidebar.exe, version: 6.1.7601.17514, time
stamp: 0x4ce7a1c7 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc00000fd Fault offset: 0x0000000000054f4a Faulting
process id: 0x8b8 Faulting application start time: 0x01cdc02728c29a00 Faulting application
path: C:\Program Files\Windows Sidebar\sidebar.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 76fe0920-2c1a-11e2-9ca8-00e04d278cae

Error - 2012.11.11. 13:04:08 | Computer Name = PC_BLACK | Source = MsiInstaller | ID = 11714
Description =

Error - 2012.11.11. 17:19:07 | Computer Name = PC_BLACK | Source = Application Error | ID = 1000
Description = Faulting application name: sidebar.exe, version: 6.1.7601.17514, time
stamp: 0x4ce7a1c7 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc00000fd Fault offset: 0x0000000000054f61 Faulting
process id: 0x8f8 Faulting application start time: 0x01cdc0522332fdc0 Faulting application
path: C:\Program Files\Windows Sidebar\sidebar.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 6cfd18a0-2c45-11e2-9ecd-00e04d278cae


< End of report >

#8 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 58,838 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:07:18 PM

Posted 11 November 2012 - 08:46 PM

Greetings,

There are some things we need to take care of. I also have a caution for you and a question about a file.

Please consider and perform the following.


===================================================


P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed/utilized. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall any Peer to Peer programs or files, however that choice is up to you.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.



===================================================


Run OTL Fix

--------------------

  • Double click on the Posted Image icon on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
IE - HKU\S-1-5-21-1412460427-476387233-3659720830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3072253
IE - HKU\S-1-5-21-1412460427-476387233-3659720830-1000\..\SearchScopes\{8FB067DF-4A50-481C-9B9A-EB2B91236696}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-1412460427-476387233-3659720830-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2011.04.12 23:03:42 | 000,002,059 | ---- | M] () -- C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\searchplugins\daemon-search.xml
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - HKU\S-1-5-21-1412460427-476387233-3659720830-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012.11.05 00:45:35 | 000,000,677 | ---- | M] () -- C:\Users\HJ\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012.11.05 00:45:35 | 000,000,176 | ---- | M] () -- C:\ProgramData\-Q3IpIqj7q62U2ar
[2012.11.05 00:45:35 | 000,000,160 | ---- | M] () -- C:\ProgramData\-Q3IpIqj7q62U2a
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

===================================================


Removing Chrome Extension/Plugin

--------------------

  • Lauch Chrome web browser
  • Type chrome:settings and press Enter
  • Delete the following:

    plugin: Conduit Chrome Plugin
    Extension: uTorrentControl2

===================================================


Can you tell me if you recognize this:

C:\Users\HJ\Desktop\Кочюнас Р. - Основы психологического консультирования.docx


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • OTL log
  • Do you recognize the file?
  • How is your computer running?

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.
John 6:68-69

#9 hj_black

hj_black
  • Topic Starter

  • Avatar image
  • Members
  • 65 posts
  • OFFLINE
    •  
  • Local time:05:18 AM

Posted 12 November 2012 - 04:02 PM

========== OTL ==========
HKU\S-1-5-21-1412460427-476387233-3659720830-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1412460427-476387233-3659720830-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8FB067DF-4A50-481C-9B9A-EB2B91236696}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FB067DF-4A50-481C-9B9A-EB2B91236696}\ not found.
Registry key HKEY_USERS\S-1-5-21-1412460427-476387233-3659720830-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\HJ\AppData\Roaming\Mozilla\Firefox\Profiles\marczph1.default\searchplugins\daemon-search.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1412460427-476387233-3659720830-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\HJ\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk moved successfully.
C:\ProgramData\-Q3IpIqj7q62U2ar moved successfully.
C:\ProgramData\-Q3IpIqj7q62U2a moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 11122012_225852

Кочюнас Р. - Основы психологического консультирования.docx - this is book in russian :)

pc running i think ok,

is in the log files seems all ok ?

#10 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 58,838 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:07:18 PM

Posted 12 November 2012 - 04:11 PM

HI,

Yes, that looks good. I would like to run Malwarebytes and your ESET.

In addition to ESET please do this for me.


===================================================


Rerun Malwarebytes

--------------------

Temporarily disable your antivirus program.

  • Please locate your Malwarebytes icon Posted Image and launch the program
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • ESET log
  • Malwarebytes log

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.
John 6:68-69

#11 hj_black

hj_black
  • Topic Starter

  • Avatar image
  • Members
  • 65 posts
  • OFFLINE
    •  
  • Local time:05:18 AM

Posted 12 November 2012 - 09:23 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HJ :: PC_BLACK [administrator]

2012.11.12. 23:27:04
mbam-log-2012-11-12 (23-27-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229799
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


and its not all, because eset freezed at 50 % and i press stop

Attached Files

  • Attached File  eset.txt   231.27KB   1 downloads

#12 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 58,838 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:07:18 PM

Posted 12 November 2012 - 09:35 PM

Greetings,

That looks very nice. We have one last task which is to update Java. Please do this.


===================================================


Update Java for 64 bit Systems

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for the JRE icon Posted Image underneath "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right and a new page will open.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select Windows x64 31.18 MB jre-7u9-windows-x64.exe
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u6-windows-x64.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.

To disable the JQS service if you don't want to use it:

  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Did Java update successfully?
  • Is your computer running well?

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.
John 6:68-69

#13 hj_black

hj_black
  • Topic Starter

  • Avatar image
  • Members
  • 65 posts
  • OFFLINE
    •  
  • Local time:05:18 AM

Posted 13 November 2012 - 03:05 PM

Instaled java, make restart and this happen and my firefox is crashling like hell

Attached Files

  • Attached File  java.jpg   72.11KB   3 downloads

#14 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 58,838 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:07:18 PM

Posted 13 November 2012 - 03:09 PM

Hi hj_black,

Let's do a clean install of Java another way and see if we find success.


===================================================


Clean Install of Java Using JavaRa

-------------------

Please download JavaRa and save the file to your desktop.

  • Right click and Extract All and a new folder called "JavaRa" will be extracted
  • Once extracted, open that folder and run JavaRa.exe with the picture.
  • Select your Language which is probably English
  • Click Search For Updates
  • Select Update Using jucheck.exe
  • Click Search
  • If a newer version is found, allow it to be installed
  • Uncheck the Google Toolbar option. (if you don't want the Google tool bar)
  • When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
  • When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
  • It will now begin to remove older versions. Please be paitent while it does the removal process.
  • Exit the tool when complete.

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • How did it go?

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.
John 6:68-69

#15 hj_black

hj_black
  • Topic Starter

  • Avatar image
  • Members
  • 65 posts
  • OFFLINE
    •  
  • Local time:05:18 AM

Posted 13 November 2012 - 03:18 PM

some other crashes now happens

and javare wont do nothing after i press search

Attached Files

  • Attached File  com.jpg   38.26KB   2 downloads
  • Attached File  java.jpg   72.11KB   2 downloads

Back to Virus, Trojan, Spyware, and Malware Removal Help


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users


  1. BleepingComputer Forums
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·