nod32 win32/olmarik operation memory
14-08-2010, 20:51 (This post was last edited on 14-08-2010 at 20:52 by miekiemoes.)
Post: #41
RE: nod32 win32/olmarik operation memory
Oooh, I thought I had given you instructions previously to run DDS. Looks like I didn't.
Anyway, please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Copy and paste the contents of DDS.txt in your next reply. Do not copy and paste the contents of Attach.txt in the same post, but use a separate post instead, as both logs won't fit in one post.

Microsoft MVP - Consumer Security
Director of Research @ Malwarebytes
14-08-2010, 20:55
Post: #42
RE: nod32 win32/olmarik operation memory
DDS (Ver_10-03-17.01) - NTFSx86
Run by Pavlin at 19:53:51,54 on бкЎ 14.08.2010 Ј.
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2046.1224 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\psxss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\RMClock\RMClock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Install\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Pavlin\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [RMClock] "c:\program files\rmclock\RMClockLauncher.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {60237576-b24c-4ba9-9740-c9f3ec9db557} - {EAADF17C-B6EA-4511-8549-A67CFD406EAF} - c:\progra~1\skycode\webtra~1\wt2ie.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {9534BF29-FC95-4B51-B651-9BC10B91FBAE} = 8.8.8.8,4.3.2.1
TCP: 2656C6B696E6 = 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\pavlin\appdata\roaming\mozilla\firefox\profiles\4ztw3pcl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwmsdrm.dll
FF - plugin: c:\users\pavlin\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\pavlin\appdata\roaming\mozilla\firefox\profiles\4ztw3pcl.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-8-11 207792]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-8-11 112592]
R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2009-2-27 143467]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-3-29 134024]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-29 810120]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-3-29 96896]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-7 47640]
R3 AVerM115S;AVerM115S service;c:\windows\system32\drivers\AVerM115S.sys [2008-11-23 784256]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-7-14 9216]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-10-27 72704]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-10-27 43904]
R3 RTCore32;RTCore32;c:\program files\rmclock\RTCore32.sys [2009-8-19 4608]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-11-6 227328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 HexTunnelDevice;Hexago Multi-Virtual Tunnel Adapter;c:\windows\system32\drivers\hextun.sys [2007-12-20 22176]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-1-11 36928]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-8-11 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-8-11 1141712]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2009-5-15 49656]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S3 TAPTUNV6;TAP/TUN IPv6 Adapter;c:\windows\system32\drivers\tunv6.sys [2004-9-8 20352]
S4 gupdate1c98d16c937e410;Google Update Service (gupdate1c98d16c937e410);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-2-11 172328]

=============== Created Last 30 ================

2010-08-14 13:28:05 0 d-s---w- C:\Combo-Fix744C
2010-08-14 12:52:21 61204 ----a-w- c:\users\pavlin\appdata\roaming\SQLite3.dll
2010-08-13 16:01:05 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-13 15:48:17 0 d-----w- C:\Combo-Fix17150C
2010-08-13 15:44:30 0 d-----w- C:\Combo-Fix24314C
2010-08-13 12:19:29 0 d-----w- C:\Combo-Fix
2010-08-12 19:27:59 0 d-----w- c:\programdata\Apple Computer
2010-08-12 18:42:28 0 d-----w- c:\program files\CCleaner
2010-08-11 20:33:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 20:33:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-11 19:15:24 0 d-----w- c:\program files\trend micro
2010-08-11 16:51:12 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-11 16:51:11 882 ----a-w- c:\windows\RegSDImport.xml
2010-08-11 16:51:10 880 ----a-w- c:\windows\RegISSImport.xml
2010-08-11 16:51:10 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-08-11 16:51:10 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-08-11 16:51:10 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-11 16:51:10 131 ----a-w- c:\windows\IDB.zip
2010-08-11 16:51:10 1152444 ----a-w- c:\windows\UDB.zip
2010-08-11 16:48:44 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-08-11 16:48:44 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-08-11 16:48:44 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-11 16:48:36 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-11 16:48:36 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-08-11 16:48:36 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-08-11 16:48:36 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-11 16:48:20 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-08-11 16:48:20 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-11 16:47:58 0 d-----w- c:\users\pavlin\appdata\roaming\PC Tools
2010-08-11 16:47:58 0 d-----w- c:\programdata\PC Tools
2010-08-11 16:47:58 0 d-----w- c:\program files\Spyware Doctor
2010-08-11 16:47:58 0 d-----w- c:\program files\common files\PC Tools
2010-08-11 14:07:07 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 13:26:36 0 d-----w- c:\programdata\Sun
2010-08-11 13:26:25 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-09 22:39:20 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-08-09 22:39:19 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-08-09 22:03:16 0 d-----w- c:\programdata\ESET
2010-08-09 19:57:56 691 ----a-w- c:\users\pavlin\appdata\roaming\GetValue.vbs
2010-08-09 19:57:56 35 ----a-w- c:\users\pavlin\appdata\roaming\SetValue.bat
2010-08-09 17:45:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 16:56:42 5 ----a-w- C:\zrpt.xml
2010-08-09 16:56:30 0 d-----w- c:\users\pavlin\appdata\roaming\1C5076BBA01C3F73BEB286DEC9A74B75
2010-08-05 21:49:48 0 d-----w- c:\program files\YouTube Downloader
2010-08-01 16:43:47 0 d-----w- c:\users\pavlin\appdata\roaming\Workrave
2010-08-01 16:43:39 0 d-----w- c:\program files\Workrave
2010-08-01 01:00:22 0 d-----w- c:\programdata\Electronic Arts
2010-07-31 22:42:17 0 d-----w- c:\program files\StarCraft II
2010-07-31 22:19:46 0 d-----w- c:\programdata\Blizzard Entertainment
2010-07-31 22:05:50 209 ----a-w- c:\windows\ODBCINST.INI
2010-07-31 22:05:49 0 d-----w- c:\program files\Difference World
2010-07-24 13:36:10 0 d-----w- c:\program files\Panda Security
2010-07-21 16:27:47 0 d-----w- c:\program files\sXe Injected
2010-07-21 08:47:38 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-07-21 08:46:57 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-21 08:46:57 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-21 08:46:57 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-21 08:46:57 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-21 08:46:57 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-07-21 08:45:05 0 d-----w- c:\windows\PCHEALTH
2010-07-21 08:44:15 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-07-21 08:41:17 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-07-21 08:41:17 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-07-21 08:41:17 293888 ----a-w- c:\windows\system32\atmfd.dll

==================== Find3M ====================

2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-04 18:53:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47:35 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47:21 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47:13 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 17:41:03 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-09 16:58:08 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 16:58:07 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\system32\msxml3.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:54:39,89 ===============
14-08-2010, 20:56
Post: #43
RE: nod32 win32/olmarik operation memory
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 13.8.2009 г. 22:17:57
System Uptime: 14.8.2010 г. 19:37:30 (0 hours ago)

Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 CPU T7200 @ 2.00GHz | N/A | 2000/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 39 GiB total, 14,142 GiB free.
D: is FIXED (NTFS) - 240 GiB total, 25,258 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is FIXED (NTFS) - 112 GiB total, 9,837 GiB free.
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: NVR0FLASHDev
Device ID: ROOT\LEGACY_NVR0FLASHDEV\0000
Manufacturer:
Name: NVR0FLASHDev
PNP Device ID: ROOT\LEGACY_NVR0FLASHDEV\0000
Service: NVR0FLASHDev

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


Домашен Кулинар FX
µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.65
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.3
Ahead.Nero v9.4.13.2
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 9 BETA
Babylon
Bluesoleil 6.4.249.0
Browser Defender 2.0.6.11
Bulgarian (Phonetic) - Original
CCleaner
Counter-Strike 1.6
DHTML Editing Component
DivX Plus Web Player
eMule
ESET NOD32 Antivirus
ESET Online Scanner v3
EVEREST Corporate Edition v4.60
FairStars Audio Converter 1.75
ffdshow [rev 3097] [2009-10-08]
GameRanger
Garmin USB Drivers
Garmin WebUpdater
Google Земя
Google Chrome
Google Update Helper
Hamachi 1.0.3.0
HD Tune Pro 3.50
HiJackThis
HLSW v1.3.2.1
ICQ6.5
ImagXpress
Intel® Matrix Storage Manager
Java Auto Updater
Java™ 6 Update 21
K-Lite Codec Pack 4.3.4 (Full)
Lame ACM MP3 Codec
LogMeIn
Longman iBT
Macmillan English Dictionary
Malwarebytes' Anti-Malware
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Document Explorer 2008
Microsoft Office Excel 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIRC
Mozilla Firefox (3.6.8)
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed Underground 2
Need For Speed™ World
neroxml
Nokia Connectivity Cable Driver
Nokia PC Suite
Notepad++
NVIDIA Drivers
On2 TrueMotion VP6 Video CODEC v6.4.2
Opera 10.60
Orbit Downloader
PC Connectivity Solution
PerfectDisk 10 Professional
Prince of Persia T2T
QuickTime
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB2251419)
SHOUTcast Source DSP 1.9.0 (remove only)
SigmaTel Audio
Skype™ 4.2
Sothink iPod Video Converter
Spyware Doctor 7.0
StarCraft II
Subtitle Workshop 2.51
Sun xVM VirtualBox
sXe Injected
System Requirements Lab
TeamViewer 5
Tweak PDF Converter 4.0
Ultra Video Converter 4.4.0827
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb2279264)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Vista Services Optimizer
VLC media player 1.0.5
VNC Enterprise Edition E4.4.3
VobSub v2.23 (Remove Only)
WebTrance3.0 (деинсталиране)
Winamp
WinAVI MP4 Converter
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
WinSetupFromUSB
WinTIC v 2.09
Workrave 1.9.1
YouTube Downloader 2.5.7

==== End Of File ===========================
14-08-2010, 21:09
Post: #44
RE: nod32 win32/olmarik operation memory
Looks OK.

Btw, I am actually wondering if your Eset is up to date, because it surprises me that the realtime protection didn't alert you here.
Is there any possibility you connected to another computer in the same network which is infected? Because this bot variant Malwarebytes detected also spreads via networks.

14-08-2010, 22:59
Post: #45
RE: nod32 win32/olmarik operation memory
http://www.eset.eu/podpora/aktualizacia-5367?lng=en

this is my virus signature version... and there's only 1 computer which I can connect to but he's got eset nod32 as well as mine...
15-08-2010, 07:27
Post: #46
RE: nod32 win32/olmarik operation memory
Okay, good. Looks like Eset didn't detect what mbam found previously, so I hope they will update asap.
