Jump to content

brian_vii

Members
 View Profile  See their activity

  • Posts

    15

  • Joined

  • Last visited

 Content Type 

Everything posted by brian_vii

  1. brian_vii
    Everything seems perfectly fine. I'm going to be purchasing Windows 8 ~ January I can't thank you enough. I can't believe how many Trojans and rootkits I had on my computer. By the time I got to you, I had removed 4 different ones. Unless, they were all linked. Normally, i'd instantly reformat the computer, but since my laptop is being repaired, I had no other option for studying for this certification. I have a backup hard drive, but of course I never used it.
  2. brian_vii
    CKScanner 2.1 - Additional Security Risks - These are not necessarily bad c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock.vmt c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock.vtf c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock_normal.vtf c:\windows\system32\slmgr.vbs.removewat c:\windows\syswow64\slmgr.vbs.removewat scanner sequence 3.EM.11.LSBBKB ----- EOF ----- Goldeneye is a free Halflife2 mod.
  3. brian_vii
    My computer seems to be running much MUCH faster, and I haven't had any google-redirect issues reoccur. Not sure if there are any more steps to be done, but THANK YOU SO MUCH. I did NOT want to re-format the computer. The only issue that occurred was when you had me copy the script showing the build of windows 7600 and 7601 into combofix. It caused windows to have an not genuine warning, but I fixed that issue (or at least the warning) within 3 mins. Let me know if there are any more steps I should take to make sure its 100% removed from my computer. I will definitely be sending you a Paypal reward within the next few days
  4. brian_vii
    ESET ONLINE SCANNER: No threats detected. There was no button "list of threats found" I apologize in advance if i blindly missed something. I'll run it again if you request me to. I was unable to find any kind of log from the scan. :/
  5. brian_vii
    Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.11.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Brian :: BRIAN-PC [administrator] 11/11/2012 6:49:49 PM mbam-log-2012-11-11 (18-49-49).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 234071 Time elapsed: 4 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  6. brian_vii
    # AdwCleaner v2.007 - Logfile created 11/11/2012 at 18:46:08 # Updated 06/11/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Brian - BRIAN-PC # Boot Mode : Normal # Running from : C:\Users\Brian\Desktop\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar Folder Deleted : C:\Program Files (x86)\uTorrentBar Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\Users\Brian\AppData\Local\Conduit Folder Deleted : C:\Users\Brian\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Brian\AppData\LocalLow\uTorrentBar ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9BB710D1-284A-49DC-9215-732ED0ECA65A} Key Deleted : HKLM\Software\uTorrentBar Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9BB710D1-284A-49DC-9215-732ED0ECA65A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043353E0-023D-4279-8E24-C217692CC4AB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F600EE0B-979E-4E5E-98C1-4209CA465087} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678/ --> hxxp://www.google.com -\\ Mozilla Firefox v16.0.2 (en-US) Profile name : default File : C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\oj3hehmz.default\prefs.js [OK] File is clean. -\\ Google Chrome v23.0.1271.64 File : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [6870 octets] - [11/11/2012 18:46:08] ########## EOF - C:\AdwCleaner[s1].txt - [6930 octets] ##########
  7. brian_vii
    On both firefox and chrome, when I go to download adwcleaner the browser crashes soon after hitting download
  8. brian_vii
    ComboFix 12-11-10.02 - Brian 11/11/2012 18:15:22.2.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2575 [GMT -5:00] Running from: c:\users\Brian\Desktop\ComboFix.exe Command switches used :: c:\users\Brian\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . --------------- FCopy --------------- . c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll --> c:\windows\system32\user32.dll c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWOW64\user32.dll . ((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 ))))))))))))))))))))))))))))))) . . 2012-11-11 23:22 . 2012-11-11 23:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-11-11 23:22 . 2012-11-11 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-11 22:20 . 2012-11-11 22:20 -------- d-----w- C:\FRST 2012-11-11 21:55 . 2012-11-11 21:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-11-11 21:55 . 2012-11-11 21:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-11-11 21:55 . 2012-11-11 21:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-11-11 21:55 . 2012-11-11 21:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-11-11 21:55 . 2012-11-11 21:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-11-11 21:55 . 2012-11-11 21:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-11-11 21:55 . 2012-11-11 21:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-11-11 21:54 . 2012-11-11 21:54 -------- d-----w- c:\program files (x86)\QuickTime 2012-11-11 21:53 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-11-11 21:52 . 2012-11-11 21:52 -------- d-----w- c:\program files\iPod 2012-11-11 21:52 . 2012-11-11 21:53 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-11-11 21:52 . 2012-11-11 21:53 -------- d-----w- c:\program files\iTunes 2012-11-11 21:52 . 2012-11-11 21:53 -------- d-----w- c:\program files (x86)\iTunes 2012-11-11 21:24 . 2012-11-11 21:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-11-11 18:43 . 2012-11-11 22:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE5A6C6A-CC09-46E7-9E63-448183D13315}\offreg.dll 2012-11-10 20:44 . 2012-11-10 20:44 -------- dc-h--w- c:\programdata\{93D6607E-CDD1-4873-8FCA-D342BA47CD87} 2012-11-10 20:42 . 2012-11-10 20:42 -------- dc-h--w- c:\programdata\{62889E3B-679B-45F8-A351-AA2FA7EC013C} 2012-11-10 20:39 . 2012-11-10 20:39 -------- dc-h--w- c:\programdata\{53DF9DA2-B01F-423B-A7F6-5DBD67FB89CD} 2012-11-10 19:49 . 2012-11-10 19:49 -------- d-----w- c:\windows\system32\appmgmt 2012-11-10 18:59 . 2012-11-10 18:59 -------- d-----w- c:\program files\Hitman Pro 3.5 2012-11-10 18:50 . 2012-11-10 18:50 -------- d-----w- c:\program files\Enigma Software Group 2012-11-10 18:49 . 2012-11-11 18:32 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP 2012-11-10 18:49 . 2012-11-10 18:49 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-11-10 00:29 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE5A6C6A-CC09-46E7-9E63-448183D13315}\mpengine.dll 2012-11-10 00:12 . 2012-08-20 18:48 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-11-10 00:12 . 2012-08-20 18:48 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-10 00:12 . 2012-08-20 18:48 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-11-10 00:12 . 2012-08-20 18:46 338432 ----a-w- c:\windows\system32\conhost.exe 2012-11-10 00:12 . 2012-08-20 17:37 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-11-10 00:10 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-11-10 00:09 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-11-10 00:09 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-11-10 00:09 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-11-10 00:09 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll 2012-11-10 00:09 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-11-10 00:09 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-11-10 00:09 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-11-10 00:09 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-11-10 00:09 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-11-10 00:08 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-11-10 00:08 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-11-10 00:08 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-11-10 00:08 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-11-10 00:04 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-11-10 00:04 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-11-10 00:04 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-11-10 00:04 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-11-10 00:04 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-11-10 00:04 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-11-10 00:04 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-11-09 23:02 . 2012-11-09 23:02 -------- d-----w- c:\users\Brian\AppData\Local\ESET 2012-11-09 21:38 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-11-09 21:38 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-11-09 21:38 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-11-09 21:38 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-11-09 21:38 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-11-09 21:38 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-11-09 21:38 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-11-09 21:38 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-11-09 21:38 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-11-09 21:32 . 2012-11-09 21:32 39184 ----a-w- c:\windows\system32\Partizan.exe 2012-11-09 21:27 . 2012-11-09 21:27 -------- d-----w- c:\program files\ESET 2012-11-09 19:46 . 2012-11-09 19:46 -------- d-----w- c:\program files (x86)\ESET 2012-11-09 19:16 . 2012-11-11 18:31 -------- d-----w- c:\programdata\RegRun 2012-11-09 19:15 . 2012-11-09 19:15 2 --shatr- c:\windows\winstart.bat 2012-11-09 19:15 . 2012-11-11 18:33 -------- d-----w- c:\program files (x86)\UnHackMe 2012-11-09 19:00 . 2012-11-09 19:00 -------- d-----w- c:\users\Brian\AppData\Roaming\AVG2013 2012-11-09 18:58 . 2012-11-09 18:58 -------- d-----w- c:\users\Brian\AppData\Roaming\TuneUp Software 2012-11-09 18:56 . 2012-11-09 21:23 -------- d-----w- c:\programdata\AVG2013 2012-11-09 18:51 . 2012-11-09 18:51 -------- d-----w- c:\users\Brian\AppData\Local\MFAData 2012-11-09 18:51 . 2012-11-09 18:51 -------- d-----w- c:\users\Brian\AppData\Local\Avg2013 2012-11-08 23:43 . 2012-11-10 20:48 -------- d-----w- c:\users\Brian\AppData\Local\Facebook 2012-11-08 23:17 . 2012-11-08 23:17 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-10 19:00 . 2012-03-14 01:01 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2012-11-08 23:17 . 2012-08-20 19:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-11-08 23:17 . 2012-08-20 19:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-11-08 23:15 . 2012-04-10 19:44 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-08 23:15 . 2011-12-31 17:39 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-30 00:54 . 2010-12-07 20:31 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-28 05:18 . 2010-01-22 20:11 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-09-01 17:16 . 2012-09-01 17:16 4480000 ----a-w- c:\windows\es.scr 2012-08-21 18:01 . 2010-01-22 20:25 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 18:01 . 2010-01-22 20:25 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-20 17:38 . 2012-11-10 00:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DevconDefaultDB"="c:\windows\system32\READREG" [X] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1255736] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Brian\Desktop\Real\WinRing0x64.sys [2008-07-27 14544] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-22 834544] S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528] S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] . . Contents of the 'Scheduled Tasks' folder . 2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:15] . 2012-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769710056-2214912975-2338223646-1000Core.job - c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-22 20:05] . 2012-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769710056-2214912975-2338223646-1000UA.job - c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-22 20:05] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.0.1.1 DPF: {6C8E9E45-538C-473A-B83B-DA9AE1ED7604} - hxxps://insourcers.riahome.com/CABFiles/vspdf.cab DPF: {A8561647-E93C-11D3-AC3B-CE6078F7B616} - hxxps://insourcers.riahome.com/CABFiles/vsprint7.cab DPF: {EBB0431C-10EB-432D-8C53-64BDBEDBD86B} - hxxps://insourcers.riahome.com/CABFiles/xmlgridRS.cab DPF: {F4721362-90E1-11D4-B547-00105A80AE07} - hxxps://insourcers.riahome.com/CABFiles/RIAInRSImport.cab DPF: {FE83D8C0-07C7-4915-A6B4-4A6B895E677F} - hxxps://insourcers.riahome.com/CABFiles/vsFlexXMLDSO.cab FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\oj3hehmz.default\ FF - ExtSQL: 2012-11-10 18:24; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} . - - - - ORPHANS REMOVED - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) AddRemove-Adobe AIR - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-11 18:30:23 ComboFix-quarantined-files.txt 2012-11-11 23:30 ComboFix2.txt 2012-11-11 20:23 . Pre-Run: 783,080,435,712 bytes free Post-Run: 783,133,372,416 bytes free . - - End Of File - - A88716296C3568148FE3E1ECFA4206ED
  9. brian_vii
    All small bolded darker worded information should be highlighted red. Sorry
  10. brian_vii
    I ran Hijackthis and copied the log to their website and had it parsed. Here is the parsed information. Maybe this can help. You can reference this log by going to: http://hjt.iamnotageek.com/log-1029024.html Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32fxsresm.dll,-' for key 1 Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32psbase.dll,-' for key 1 Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32Locator.exe,-' for key 1 Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32spoolsv.exe,-' for key 1 Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32vssvc.exe,-' for key 1 Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32wbengine.exe,-' for key 1Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:30:38 PM, on 11/11/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Program Files (x86)\Lambers\TestPrep\CMEngine_v10.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2786678/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll O4 - HKLM\..\RunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-5C6AA.exe" /REG /REGSVRMODE O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} (CLRMachineInfoCtl Class) - https://insourcers.riahome.com/CABFiles/RSLoginModule.cab O16 - DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} (CLRTabbedList Class) - https://insourcers.riahome.com/CABFiles/RSTabbedList.cab O16 - DPF: {6C8E9E45-538C-473A-B83B-DA9AE1ED7604} (:-) VideoSoft VSPDF 7.0) - https://insourcers.riahome.com/CABFiles/vspdf.cab O16 - DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} (GRSNotifierCtrl Class) - https://insourcers.riahome.com/CABFiles/webnotifier.cab O16 - DPF: {A8561647-E93C-11D3-AC3B-CE6078F7B616} (:-) VideoSoft VSPrinter 7.0) - https://insourcers.riahome.com/CABFiles/vsprint7.cab O16 - DPF: {C0A63B86-4B21-11D3-BD95-D426EF2C7949} (:-) VideoSoft FlexGrid 7.0 (Light)) - https://insourcers.riahome.com/CABFiles/vsflex7L.cab O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} (:-) VideoSoft FlexGrid 7.0 (OLEDB)) - https://insourcers.riahome.com/CABFiles/vsflex7.cab O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EBB0431C-10EB-432D-8C53-64BDBEDBD86B} (XmlGridRS Class) - https://insourcers.riahome.com/CABFiles/xmlgridRS.cab O16 - DPF: {F4721362-90E1-11D4-B547-00105A80AE07} (xmlWrapper Class) - https://insourcers.riahome.com/CABFiles/RIAInRSImport.cab O16 - DPF: {FE83D8C0-07C7-4915-A6B4-4A6B895E677F} (VSFlexDSO Class) - https://insourcers.riahome.com/CABFiles/vsFlexXMLDSO.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing) O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
  11. brian_vii
    ComboFix 12-11-10.01 - Brian 11/11/2012 15:16:18.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2658 [GMT -5:00] Running from: c:\users\Brian\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Brian\Documents\~WRL1607.tmp c:\windows\es.exe c:\windows\pthreadGC2.dll c:\windows\SysWow64\DEBUG.log c:\windows\XSxS . . ((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 ))))))))))))))))))))))))))))))) . . 2012-11-11 22:20 . 2012-11-11 22:20 -------- d-----w- C:\FRST 2012-11-11 20:21 . 2012-11-11 20:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-11-11 20:21 . 2012-11-11 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-11 20:04 . 2012-11-11 20:04 869376 ----a-w- c:\windows\is-5C6AA.exe 2012-11-10 20:44 . 2012-11-10 20:44 -------- dc-h--w- c:\programdata\{93D6607E-CDD1-4873-8FCA-D342BA47CD87} 2012-11-10 20:42 . 2012-11-10 20:42 -------- dc-h--w- c:\programdata\{62889E3B-679B-45F8-A351-AA2FA7EC013C} 2012-11-10 20:39 . 2012-11-10 20:39 -------- dc-h--w- c:\programdata\{53DF9DA2-B01F-423B-A7F6-5DBD67FB89CD} 2012-11-10 19:49 . 2012-11-10 19:49 -------- d-----w- c:\windows\system32\appmgmt 2012-11-10 18:59 . 2012-11-10 18:59 -------- d-----w- c:\program files\Hitman Pro 3.5 2012-11-10 18:50 . 2012-11-10 18:50 -------- d-----w- c:\program files\Enigma Software Group 2012-11-10 18:49 . 2012-11-11 18:32 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP 2012-11-10 18:49 . 2012-11-10 18:49 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-11-10 00:29 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE5A6C6A-CC09-46E7-9E63-448183D13315}\mpengine.dll 2012-11-10 00:12 . 2012-08-20 18:48 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-11-10 00:12 . 2012-08-20 18:48 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-10 00:12 . 2012-08-20 18:48 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-11-10 00:12 . 2012-08-20 18:46 338432 ----a-w- c:\windows\system32\conhost.exe 2012-11-10 00:12 . 2012-08-20 17:37 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-11-10 00:10 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-11-10 00:09 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-11-10 00:09 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-11-10 00:09 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-11-10 00:09 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll 2012-11-10 00:09 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-11-10 00:09 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-11-10 00:09 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-11-10 00:09 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-11-10 00:09 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-11-10 00:08 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-11-10 00:08 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-11-10 00:08 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-11-10 00:08 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-11-10 00:04 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-11-10 00:04 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-11-10 00:04 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-11-10 00:04 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-11-10 00:04 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-11-10 00:04 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-11-10 00:04 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-11-09 23:02 . 2012-11-09 23:02 -------- d-----w- c:\users\Brian\AppData\Local\ESET 2012-11-09 21:38 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-11-09 21:38 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-11-09 21:38 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-11-09 21:38 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-11-09 21:38 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-11-09 21:38 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-11-09 21:38 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-11-09 21:38 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-11-09 21:38 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-11-09 21:32 . 2012-11-09 21:32 39184 ----a-w- c:\windows\system32\Partizan.exe 2012-11-09 21:27 . 2012-11-09 21:27 -------- d-----w- c:\program files\ESET 2012-11-09 19:46 . 2012-11-09 19:46 -------- d-----w- c:\program files (x86)\ESET 2012-11-09 19:16 . 2012-11-11 18:31 -------- d-----w- c:\programdata\RegRun 2012-11-09 19:15 . 2012-11-09 19:15 2 --shatr- c:\windows\winstart.bat 2012-11-09 19:15 . 2012-11-11 18:33 -------- d-----w- c:\program files (x86)\UnHackMe 2012-11-09 19:00 . 2012-11-09 19:00 -------- d-----w- c:\users\Brian\AppData\Roaming\AVG2013 2012-11-09 18:58 . 2012-11-09 18:58 -------- d-----w- c:\users\Brian\AppData\Roaming\TuneUp Software 2012-11-09 18:56 . 2012-11-09 21:23 -------- d-----w- c:\programdata\AVG2013 2012-11-09 18:51 . 2012-11-09 18:51 -------- d-----w- c:\users\Brian\AppData\Local\MFAData 2012-11-09 18:51 . 2012-11-09 18:51 -------- d-----w- c:\users\Brian\AppData\Local\Avg2013 2012-11-08 23:43 . 2012-11-10 20:48 -------- d-----w- c:\users\Brian\AppData\Local\Facebook 2012-11-08 23:17 . 2012-11-08 23:17 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-10 19:00 . 2012-03-14 01:01 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2012-11-08 23:17 . 2012-08-20 19:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-11-08 23:17 . 2012-08-20 19:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-11-08 23:15 . 2012-04-10 19:44 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-08 23:15 . 2011-12-31 17:39 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-30 00:54 . 2010-12-07 20:31 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-28 05:18 . 2010-01-22 20:11 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-09-01 17:16 . 2012-09-01 17:16 4480000 ----a-w- c:\windows\es.scr 2012-08-20 17:38 . 2012-11-10 00:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [-] 2011-03-13 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll . [-] 2011-03-13 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "InnoSetupRegFile.0000000001"="c:\windows\is-5C6AA.exe" [2012-11-11 869376] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DevconDefaultDB"="c:\windows\system32\READREG" [X] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1255736] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Brian\Desktop\Real\WinRing0x64.sys [2008-07-27 14544] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-22 834544] S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528] S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 73616905 *Deregistered* - 73616905 . Contents of the 'Scheduled Tasks' folder . 2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:15] . 2012-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769710056-2214912975-2338223646-1000Core.job - c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-22 20:05] . 2012-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769710056-2214912975-2338223646-1000UA.job - c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-22 20:05] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.0.1.1 DPF: {6C8E9E45-538C-473A-B83B-DA9AE1ED7604} - hxxps://insourcers.riahome.com/CABFiles/vspdf.cab DPF: {A8561647-E93C-11D3-AC3B-CE6078F7B616} - hxxps://insourcers.riahome.com/CABFiles/vsprint7.cab DPF: {EBB0431C-10EB-432D-8C53-64BDBEDBD86B} - hxxps://insourcers.riahome.com/CABFiles/xmlgridRS.cab DPF: {F4721362-90E1-11D4-B547-00105A80AE07} - hxxps://insourcers.riahome.com/CABFiles/RIAInRSImport.cab DPF: {FE83D8C0-07C7-4915-A6B4-4A6B895E677F} - hxxps://insourcers.riahome.com/CABFiles/vsFlexXMLDSO.cab FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\sztemzys.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://google.com/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf28f5906-2c96-4968-b15c-3e3ead21c13d%7D&mid=781f85c40e44c8fd6fb1bf3ef7404b16-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=11.1.0.12〈=en&pr=fr&d=2012-05-23%2018%3A51%3A44&sap=ku&q= FF - user.js: network.protocol-handler.warn-external.dnupdate - false . - - - - ORPHANS REMOVED - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) AddRemove-Adobe AIR - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-11 15:23:39 ComboFix-quarantined-files.txt 2012-11-11 20:23 . Pre-Run: 780,941,635,584 bytes free Post-Run: 781,358,047,232 bytes free . - - End Of File - - EB342A35353AAF079502D06DD548DB8D
  12. brian_vii
    Farbar Recovery Scan Tool (x64) Version: 10-11-2012 02 Ran by SYSTEM at 2012-11-11 14:22:58 Running from F:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ====== Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-11-2012 02 Ran by SYSTEM at 11-11-2012 14:33:36 Running from F:\ Windows 7 Ultimate (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4081008 2012-03-07] (ESET) HKLM-x32\...\runonceex: [Flags] 128 HKLM-x32\...\runonceex: [Title] UnHackMe Rootkit Check Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 ==================== Services (Whitelisted) =================== 3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [151296 2007-04-12] (Creative Technology Ltd) 3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.) 3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [700200 2007-04-10] (Creative Technology Ltd) 3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd) 3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd) 3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd) 3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd) 3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [142120 2007-04-10] (Creative Technology Ltd) 3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.) 3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.) 3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [681256 2007-04-10] (Creative Technology Ltd) 2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [913144 2012-03-07] (ESET) ==================== Drivers (Whitelisted) ===================== 2 cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [21480 2010-07-09] (Windows ® Win 7 DDK provider) 1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-14] (ESET) 1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-14] (ESET) 2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2012-03-14] (ESET) 0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider) 0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-22] (Duplex Secure Ltd.) 3 WinRing0_1_2_0; \??\C:\Users\Brian\Desktop\Real\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org) 3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] 0 Partizan; C:\Windows\System32\drivers\Partizan.sys [x] 3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x] 3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x] 3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x] 3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2012-11-11 14:20 - 2012-11-11 14:20 - 00000000 ____D C:\FRST 2012-11-10 15:24 - 2012-11-11 10:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2012-11-10 12:44 - 2012-11-10 12:44 - 05308955 ____A (LearnForce Partners LLC ) C:\Users\Brian\Downloads\ndb_lamb_cpaaudit_m.exe 2012-11-10 12:44 - 2012-11-10 12:44 - 00000000 __HDC C:\Users\All Users\{93D6607E-CDD1-4873-8FCA-D342BA47CD87} 2012-11-10 12:42 - 2012-11-10 12:42 - 00002017 ____A C:\Users\Public\Desktop\Lambers.lnk 2012-11-10 12:42 - 2012-11-10 12:42 - 00000000 __HDC C:\Users\All Users\{62889E3B-679B-45F8-A351-AA2FA7EC013C} 2012-11-10 12:39 - 2012-11-10 12:39 - 00000000 __HDC C:\Users\All Users\{53DF9DA2-B01F-423B-A7F6-5DBD67FB89CD} 2012-11-10 12:36 - 2012-11-10 12:37 - 13324539 ____A (LearnForce Partners LLC ) C:\Users\Brian\Downloads\ndb_lamb_cpafar_m(1).exe 2012-11-10 12:01 - 2012-11-10 12:01 - 00010945 ____A C:\Users\Brian\Desktop\attach.txt 2012-11-10 12:01 - 2012-11-10 12:00 - 00023675 ____A C:\Users\Brian\Desktop\dds.txt 2012-11-10 11:59 - 2012-11-10 11:59 - 00688901 ____R (Swearware) C:\Users\Brian\Downloads\dds (1).com 2012-11-10 11:50 - 2012-11-10 11:50 - 00002250 ____A C:\Users\Brian\Desktop\RKreport[3]_S_11102012_02d1450.txt 2012-11-10 11:49 - 2012-11-10 11:49 - 00000000 ____D C:\Windows\System32\appmgmt 2012-11-10 11:12 - 2012-11-10 11:13 - 00602112 ____A (OldTimer Tools) C:\Users\Brian\Downloads\OTL.exe 2012-11-10 10:59 - 2012-11-10 10:59 - 00001974 ____A C:\Users\Public\Desktop\Hitman Pro 3.5.lnk 2012-11-10 10:59 - 2012-11-10 10:59 - 00000000 ____D C:\Program Files\Hitman Pro 3.5 2012-11-10 10:57 - 2011-06-23 07:45 - 00000000 ____D C:\Users\Brian\Desktop\fixed by shajt 2012-11-10 10:57 - 2011-06-23 07:39 - 00000515 ____A C:\Users\Brian\Desktop\readme.txt 2012-11-10 10:51 - 2012-11-10 10:51 - 00000000 ____A C:\autoexec.bat 2012-11-10 10:50 - 2012-11-10 10:50 - 00000000 ____D C:\Program Files\Enigma Software Group 2012-11-10 10:49 - 2012-11-11 10:32 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP 2012-11-10 10:46 - 2012-11-10 10:46 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Brian\Downloads\SpyHunter-Installer.exe 2012-11-10 10:44 - 2012-11-10 10:46 - 127231689 ____A (Igor Pavlov) C:\Users\Brian\Downloads\OTLPENet.exe 2012-11-10 10:41 - 2012-11-10 10:41 - 00002358 ____A C:\Users\Brian\Desktop\RKreport[2]_S_11102012_02d1341.txt 2012-11-10 10:40 - 2012-11-10 10:40 - 00666112 ____A C:\Users\Brian\Downloads\RogueKiller(1).exe 2012-11-09 19:55 - 2012-11-09 19:55 - 00026866 ____A C:\Users\Brian\Downloads\[HorribleSubs] Fairy Tail - 156 [720p].mkv.torrent 2012-11-09 19:19 - 2012-11-09 19:19 - 00000000 ____D C:\Users\Brian\AppData\Local\{287CE6B3-581D-4134-9483-F0E8D47C0C1D} 2012-11-09 16:17 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-11-09 16:17 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-11-09 16:17 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-11-09 16:17 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-11-09 16:17 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-11-09 16:17 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-11-09 16:17 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-11-09 16:17 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-11-09 16:17 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-11-09 16:17 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-11-09 16:17 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-11-09 16:17 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-11-09 16:17 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-11-09 16:17 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-11-09 16:17 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-11-09 16:17 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-11-09 16:17 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-11-09 16:17 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-11-09 16:17 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-11-09 16:17 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-11-09 16:17 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-11-09 16:17 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-11-09 16:17 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-11-09 16:17 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-11-09 16:17 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-11-09 16:17 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-11-09 16:17 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-11-09 16:17 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-11-09 16:17 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-11-09 16:17 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-11-09 16:17 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-11-09 16:17 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-11-09 16:12 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2012-11-09 16:12 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll 2012-11-09 16:12 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2012-11-09 16:12 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe 2012-11-09 16:12 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2012-11-09 16:12 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2012-11-09 16:11 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll 2012-11-09 16:11 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2012-11-09 16:11 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll 2012-11-09 16:11 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll 2012-11-09 16:11 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll 2012-11-09 16:11 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2012-11-09 16:11 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2012-11-09 16:11 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2012-11-09 16:11 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2012-11-09 16:11 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-09 16:11 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2012-11-09 16:11 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-11-09 16:11 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-11-09 16:10 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2012-11-09 16:10 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-11-09 16:10 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-11-09 16:10 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-11-09 16:10 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2012-11-09 16:10 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2012-11-09 16:10 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-11-09 16:10 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys 2012-11-09 16:10 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-11-09 16:10 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2012-11-09 16:10 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe 2012-11-09 16:10 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2012-11-09 16:10 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2012-11-09 16:10 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-11-09 16:10 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys 2012-11-09 16:10 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-11-09 16:10 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-11-09 16:10 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-11-09 16:10 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-11-09 16:10 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-11-09 16:10 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-11-09 16:10 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-11-09 16:10 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-11-09 16:10 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-11-09 16:10 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-11-09 16:10 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-11-09 16:10 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-11-09 16:10 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-11-09 16:10 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll 2012-11-09 16:10 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2012-11-09 16:10 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2012-11-09 16:10 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2012-11-09 16:10 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-11-09 16:10 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-11-09 16:09 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2012-11-09 16:09 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2012-11-09 16:09 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll 2012-11-09 16:09 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll 2012-11-09 16:09 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-11-09 16:09 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-11-09 16:09 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-11-09 16:09 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 2012-11-09 16:09 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys 2012-11-09 16:08 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-11-09 16:08 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-11-09 16:08 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-11-09 16:08 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-11-09 16:08 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2012-11-09 16:05 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-11-09 16:05 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-11-09 16:05 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-11-09 16:05 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-11-09 16:05 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-11-09 16:05 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-11-09 16:05 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-11-09 16:05 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-11-09 16:04 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll 2012-11-09 16:04 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll 2012-11-09 16:04 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2012-11-09 16:04 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2012-11-09 16:04 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe 2012-11-09 16:04 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe 2012-11-09 16:04 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2012-11-09 15:02 - 2012-11-09 15:02 - 00000000 ____D C:\Users\Brian\AppData\Local\ESET 2012-11-09 14:45 - 2012-11-09 14:45 - 00002324 ____A C:\Windows\epplauncher.mif 2012-11-09 14:44 - 2012-11-09 14:44 - 13529576 ____A (Microsoft Corporation) C:\Users\Brian\Downloads\mseinstall.exe 2012-11-09 13:38 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-11-09 13:38 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-11-09 13:38 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-11-09 13:38 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-11-09 13:38 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-11-09 13:38 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-11-09 13:38 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-11-09 13:38 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-11-09 13:38 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-11-09 13:33 - 2012-11-11 10:31 - 00000252 ____A C:\Windows\SysWOW64\PARTIZAN.TXT 2012-11-09 13:32 - 2012-11-09 13:32 - 00039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe 2012-11-09 13:27 - 2012-11-09 13:27 - 00000000 ____D C:\Users\All Users\ESET 2012-11-09 13:27 - 2012-11-09 13:27 - 00000000 ____D C:\Program Files\ESET 2012-11-09 13:22 - 2012-11-09 13:22 - 01378744 ____A (ESET) C:\Users\Brian\Downloads\eset_nod32_antivirus_live_installer(1).exe 2012-11-09 13:15 - 2012-11-09 13:16 - 01378744 ____A (ESET) C:\Users\Brian\Downloads\eset_nod32_antivirus_live_installer.exe 2012-11-09 12:43 - 2012-11-09 12:43 - 02195061 ____A C:\Users\Brian\Downloads\tdsskiller(2).zip 2012-11-09 12:22 - 2012-11-09 12:22 - 00002321 ____A C:\Users\Brian\Desktop\RKreport[1]_S_11092012_02d1522.txt 2012-11-09 12:21 - 2012-11-09 12:22 - 00000000 ____D C:\Users\Brian\Desktop\RK_Quarantine 2012-11-09 12:18 - 2012-11-09 12:18 - 00666112 ____A C:\Users\Brian\Downloads\RogueKiller.exe 2012-11-09 12:08 - 2012-11-09 12:11 - 00002120 ____A C:\scu.dat 2012-11-09 11:46 - 2012-11-09 11:46 - 02322184 ____A (ESET) C:\Users\Brian\Downloads\esetsmartinstaller_enu.exe 2012-11-09 11:46 - 2012-11-09 11:46 - 00000000 ____D C:\Program Files (x86)\ESET 2012-11-09 11:31 - 2012-11-09 11:31 - 00302592 ____A C:\Users\Brian\Downloads\ryjn9ufm.exe 2012-11-09 11:30 - 2012-11-09 11:30 - 00302592 ____A C:\Users\Brian\Downloads\bdv9009d.exe 2012-11-09 11:30 - 2012-11-09 11:30 - 00302592 ____A C:\Users\Brian\Downloads\38oojsdx.exe 2012-11-09 11:16 - 2012-11-11 10:31 - 00000000 ____D C:\Users\All Users\RegRun 2012-11-09 11:15 - 2012-11-11 10:33 - 00000000 ____D C:\Program Files (x86)\UnHackMe 2012-11-09 11:15 - 2012-11-09 11:18 - 00000000 ____D C:\Users\Brian\Documents\RegRun2 2012-11-09 11:15 - 2012-11-09 11:15 - 00000002 RASHOT C:\Windows\winstart.bat 2012-11-09 11:15 - 2012-11-09 11:15 - 00000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT 2012-11-09 11:15 - 2012-11-09 11:15 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT 2012-11-09 11:15 - 2012-11-03 17:15 - 12585596 ____A (Greatis Software, LLC. ) C:\Users\Brian\Desktop\unhackme_setup.exe 2012-11-09 11:14 - 2012-11-09 11:15 - 12564642 ____A C:\Users\Brian\Downloads\unhackme.zip 2012-11-09 11:00 - 2012-11-09 11:00 - 00000000 ____D C:\Users\Brian\AppData\Roaming\AVG2013 2012-11-09 10:58 - 2012-11-09 10:58 - 00000000 ____D C:\Users\Brian\AppData\Roaming\TuneUp Software 2012-11-09 10:56 - 2012-11-09 13:23 - 00000000 ____D C:\Users\All Users\AVG2013 2012-11-09 10:51 - 2012-11-09 10:51 - 00000000 ____D C:\Users\Brian\AppData\Local\MFAData 2012-11-09 10:51 - 2012-11-09 10:51 - 00000000 ____D C:\Users\Brian\AppData\Local\Avg2013 2012-11-09 10:04 - 2012-11-09 10:04 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Brian\Downloads\tdsskiller(2).exe 2012-11-08 15:43 - 2012-11-10 12:48 - 00000000 ____D C:\Users\Brian\AppData\Local\Facebook 2012-11-08 15:43 - 2012-11-09 16:49 - 00000137 ____A C:\Windows\SysWOW64\debug.log 2012-11-08 15:43 - 2012-11-08 15:43 - 00501240 ____A (Facebook Inc.) C:\Users\Brian\Downloads\FacebookMessengerSetup_v1.2.205.0.exe 2012-11-08 15:17 - 2012-11-08 15:17 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll ==================== One Month Modified Files and Folders ======= 2012-11-11 14:20 - 2012-11-11 14:20 - 00000000 ____D C:\FRST 2012-11-11 11:31 - 2009-07-13 21:13 - 00730448 ____A C:\Windows\System32\PerfStringBackup.INI 2012-11-11 11:30 - 2010-01-22 10:56 - 01267647 ____A C:\Windows\WindowsUpdate.log 2012-11-11 11:28 - 2009-07-13 20:51 - 00056093 ____A C:\Windows\setupact.log 2012-11-11 11:27 - 2012-08-20 10:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2012-11-11 11:27 - 2010-01-22 14:21 - 00000324 ____A C:\Windows\Tasks\GlaryInitialize.job 2012-11-11 11:27 - 2010-01-22 11:06 - 00000000 ____D C:\Users\All Users\NVIDIA 2012-11-11 11:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-11-11 10:38 - 2012-04-10 11:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-11-11 10:37 - 2012-11-10 15:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2012-11-11 10:33 - 2012-11-09 11:15 - 00000000 ____D C:\Program Files (x86)\UnHackMe 2012-11-11 10:32 - 2012-11-10 10:49 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP 2012-11-11 10:31 - 2012-11-09 13:33 - 00000252 ____A C:\Windows\SysWOW64\PARTIZAN.TXT 2012-11-11 10:31 - 2012-11-09 11:16 - 00000000 ____D C:\Users\All Users\RegRun 2012-11-11 10:28 - 2010-01-22 12:05 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769710056-2214912975-2338223646-1000UA.job 2012-11-10 15:19 - 2010-01-22 12:05 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769710056-2214912975-2338223646-1000Core.job 2012-11-10 12:48 - 2012-11-08 15:43 - 00000000 ____D C:\Users\Brian\AppData\Local\Facebook 2012-11-10 12:44 - 2012-11-10 12:44 - 05308955 ____A (LearnForce Partners LLC ) C:\Users\Brian\Downloads\ndb_lamb_cpaaudit_m.exe 2012-11-10 12:44 - 2012-11-10 12:44 - 00000000 __HDC C:\Users\All Users\{93D6607E-CDD1-4873-8FCA-D342BA47CD87} 2012-11-10 12:42 - 2012-11-10 12:42 - 00002017 ____A C:\Users\Public\Desktop\Lambers.lnk 2012-11-10 12:42 - 2012-11-10 12:42 - 00000000 __HDC C:\Users\All Users\{62889E3B-679B-45F8-A351-AA2FA7EC013C} 2012-11-10 12:39 - 2012-11-10 12:39 - 00000000 __HDC C:\Users\All Users\{53DF9DA2-B01F-423B-A7F6-5DBD67FB89CD} 2012-11-10 12:37 - 2012-11-10 12:36 - 13324539 ____A (LearnForce Partners LLC ) C:\Users\Brian\Downloads\ndb_lamb_cpafar_m(1).exe 2012-11-10 12:01 - 2012-11-10 12:01 - 00010945 ____A C:\Users\Brian\Desktop\attach.txt 2012-11-10 12:00 - 2012-11-10 12:01 - 00023675 ____A C:\Users\Brian\Desktop\dds.txt 2012-11-10 11:59 - 2012-11-10 11:59 - 00688901 ____R (Swearware) C:\Users\Brian\Downloads\dds (1).com 2012-11-10 11:50 - 2012-11-10 11:50 - 00002250 ____A C:\Users\Brian\Desktop\RKreport[3]_S_11102012_02d1450.txt 2012-11-10 11:49 - 2012-11-10 11:49 - 00000000 ____D C:\Windows\System32\appmgmt 2012-11-10 11:49 - 2010-01-22 13:34 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Toolbar 2012-11-10 11:13 - 2012-11-10 11:12 - 00602112 ____A (OldTimer Tools) C:\Users\Brian\Downloads\OTL.exe 2012-11-10 11:11 - 2010-01-22 16:04 - 00000000 ____D C:\Windows\pss 2012-11-10 11:00 - 2012-03-13 17:01 - 00023112 ____A C:\Windows\System32\Drivers\hitmanpro35.sys 2012-11-10 11:00 - 2010-01-22 12:12 - 00000000 ____D C:\Users\Brian\AppData\Roaming\uTorrent 2012-11-10 10:59 - 2012-11-10 10:59 - 00001974 ____A C:\Users\Public\Desktop\Hitman Pro 3.5.lnk 2012-11-10 10:59 - 2012-11-10 10:59 - 00000000 ____D C:\Program Files\Hitman Pro 3.5 2012-11-10 10:55 - 2012-03-13 16:59 - 00000000 ____D C:\Users\Brian\Downloads\Hitman Pro 3.5.9 Build 125 (x64) incl crack 2012-11-10 10:51 - 2012-11-10 10:51 - 00000000 ____A C:\autoexec.bat 2012-11-10 10:50 - 2012-11-10 10:50 - 00000000 ____D C:\Program Files\Enigma Software Group 2012-11-10 10:46 - 2012-11-10 10:46 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Brian\Downloads\SpyHunter-Installer.exe 2012-11-10 10:46 - 2012-11-10 10:44 - 127231689 ____A (Igor Pavlov) C:\Users\Brian\Downloads\OTLPENet.exe 2012-11-10 10:41 - 2012-11-10 10:41 - 00002358 ____A C:\Users\Brian\Desktop\RKreport[2]_S_11102012_02d1341.txt 2012-11-10 10:40 - 2012-11-10 10:40 - 00666112 ____A C:\Users\Brian\Downloads\RogueKiller(1).exe 2012-11-10 09:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2012-11-09 19:55 - 2012-11-09 19:55 - 00026866 ____A C:\Users\Brian\Downloads\[HorribleSubs] Fairy Tail - 156 [720p].mkv.torrent 2012-11-09 19:19 - 2012-11-09 19:19 - 00000000 ____D C:\Users\Brian\AppData\Local\{287CE6B3-581D-4134-9483-F0E8D47C0C1D} 2012-11-09 16:49 - 2012-11-08 15:43 - 00000137 ____A C:\Windows\SysWOW64\debug.log 2012-11-09 16:47 - 2009-07-13 20:45 - 00434296 ____A C:\Windows\System32\FNTCACHE.DAT 2012-11-09 16:46 - 2010-01-22 15:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2012-11-09 16:45 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-11-09 16:45 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-11-09 16:44 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal 2012-11-09 16:37 - 2010-01-22 14:05 - 00000000 ____D C:\Users\All Users\Microsoft Help 2012-11-09 16:34 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini 2012-11-09 15:02 - 2012-11-09 15:02 - 00000000 ____D C:\Users\Brian\AppData\Local\ESET 2012-11-09 14:45 - 2012-11-09 14:45 - 00002324 ____A C:\Windows\epplauncher.mif 2012-11-09 14:44 - 2012-11-09 14:44 - 13529576 ____A (Microsoft Corporation) C:\Users\Brian\Downloads\mseinstall.exe 2012-11-09 13:33 - 2010-01-22 11:08 - 00046614 ____A C:\Windows\PFRO.log 2012-11-09 13:32 - 2012-11-09 13:32 - 00039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe 2012-11-09 13:27 - 2012-11-09 13:27 - 00000000 ____D C:\Users\All Users\ESET 2012-11-09 13:27 - 2012-11-09 13:27 - 00000000 ____D C:\Program Files\ESET 2012-11-09 13:24 - 2010-10-21 11:15 - 00000000 ____D C:\Users\All Users\MFAData 2012-11-09 13:23 - 2012-11-09 10:56 - 00000000 ____D C:\Users\All Users\AVG2013 2012-11-09 13:22 - 2012-11-09 13:22 - 01378744 ____A (ESET) C:\Users\Brian\Downloads\eset_nod32_antivirus_live_installer(1).exe 2012-11-09 13:16 - 2012-11-09 13:15 - 01378744 ____A (ESET) C:\Users\Brian\Downloads\eset_nod32_antivirus_live_installer.exe 2012-11-09 12:58 - 2012-03-12 21:13 - 00000000 ____D C:\TDSSKiller_Quarantine 2012-11-09 12:43 - 2012-11-09 12:43 - 02195061 ____A C:\Users\Brian\Downloads\tdsskiller(2).zip 2012-11-09 12:22 - 2012-11-09 12:22 - 00002321 ____A C:\Users\Brian\Desktop\RKreport[1]_S_11092012_02d1522.txt 2012-11-09 12:22 - 2012-11-09 12:21 - 00000000 ____D C:\Users\Brian\Desktop\RK_Quarantine 2012-11-09 12:18 - 2012-11-09 12:18 - 00666112 ____A C:\Users\Brian\Downloads\RogueKiller.exe 2012-11-09 12:11 - 2012-11-09 12:08 - 00002120 ____A C:\scu.dat 2012-11-09 11:46 - 2012-11-09 11:46 - 02322184 ____A (ESET) C:\Users\Brian\Downloads\esetsmartinstaller_enu.exe 2012-11-09 11:46 - 2012-11-09 11:46 - 00000000 ____D C:\Program Files (x86)\ESET 2012-11-09 11:31 - 2012-11-09 11:31 - 00302592 ____A C:\Users\Brian\Downloads\ryjn9ufm.exe 2012-11-09 11:30 - 2012-11-09 11:30 - 00302592 ____A C:\Users\Brian\Downloads\bdv9009d.exe 2012-11-09 11:30 - 2012-11-09 11:30 - 00302592 ____A C:\Users\Brian\Downloads\38oojsdx.exe 2012-11-09 11:18 - 2012-11-09 11:15 - 00000000 ____D C:\Users\Brian\Documents\RegRun2 2012-11-09 11:15 - 2012-11-09 11:15 - 00000002 RASHOT C:\Windows\winstart.bat 2012-11-09 11:15 - 2012-11-09 11:15 - 00000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT 2012-11-09 11:15 - 2012-11-09 11:15 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT 2012-11-09 11:15 - 2012-11-09 11:14 - 12564642 ____A C:\Users\Brian\Downloads\unhackme.zip 2012-11-09 11:00 - 2012-11-09 11:00 - 00000000 ____D C:\Users\Brian\AppData\Roaming\AVG2013 2012-11-09 11:00 - 2010-08-25 13:59 - 00000000 ____D C:\Program Files (x86)\AVG 2012-11-09 10:59 - 2010-09-03 18:50 - 00000000 ___HD C:\$AVG 2012-11-09 10:58 - 2012-11-09 10:58 - 00000000 ____D C:\Users\Brian\AppData\Roaming\TuneUp Software 2012-11-09 10:51 - 2012-11-09 10:51 - 00000000 ____D C:\Users\Brian\AppData\Local\MFAData 2012-11-09 10:51 - 2012-11-09 10:51 - 00000000 ____D C:\Users\Brian\AppData\Local\Avg2013 2012-11-09 10:04 - 2012-11-09 10:04 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Brian\Downloads\tdsskiller(2).exe 2012-11-08 15:43 - 2012-11-08 15:43 - 00501240 ____A (Facebook Inc.) C:\Users\Brian\Downloads\FacebookMessengerSetup_v1.2.205.0.exe 2012-11-08 15:20 - 2012-05-25 14:44 - 00000000 ____D C:\Users\All Users\Skype 2012-11-08 15:18 - 2012-03-12 15:26 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE 2012-11-08 15:18 - 2012-01-17 17:15 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-11-08 15:18 - 2010-12-07 12:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-08 15:17 - 2012-11-08 15:17 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2012-11-08 15:17 - 2012-08-20 11:31 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2012-11-08 15:17 - 2012-08-20 11:31 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2012-11-08 15:17 - 2012-08-20 11:31 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2012-11-08 15:17 - 2010-01-22 15:34 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2012-11-08 15:17 - 2010-01-22 15:34 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2012-11-08 15:17 - 2010-01-22 15:34 - 00000000 ____D C:\Program Files (x86)\Java 2012-11-08 15:17 - 2010-01-22 12:05 - 00002483 ____A C:\Users\Brian\Desktop\Google Chrome.lnk 2012-11-08 15:15 - 2012-04-10 11:44 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-11-08 15:15 - 2011-12-31 09:39 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-11-08 15:15 - 2011-05-01 21:57 - 00000000 ____D C:\Users\All Users\Adobe 2012-11-03 17:15 - 2012-11-09 11:15 - 12585596 ____A (Greatis Software, LLC. ) C:\Users\Brian\Desktop\unhackme_setup.exe 2012-10-31 18:49 - 2012-03-13 16:53 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Brian\Desktop\TDSSKiller.exe ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-11-08 15:17:05 Restore point made on: 2012-11-09 10:56:41 Restore point made on: 2012-11-09 10:57:06 Restore point made on: 2012-11-09 11:19:09 Restore point made on: 2012-11-09 13:18:15 Restore point made on: 2012-11-09 13:23:56 Restore point made on: 2012-11-09 13:34:59 Restore point made on: 2012-11-09 13:38:15 Restore point made on: 2012-11-09 16:12:49 Restore point made on: 2012-11-10 10:50:17 Restore point made on: 2012-11-10 11:49:02 Restore point made on: 2012-11-11 10:32:07 ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 4094.49 MB Available physical RAM: 3478.13 MB Total Pagefile: 4092.64 MB Available Pagefile: 3460.86 MB Total Virtual: 8192 MB Available Virtual: 8191.91 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:931.41 GB) (Free:727.44 GB) NTFS 2 Drive e: (Lambers Practice) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS 3 Drive f: (STORE N GO) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT 4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 0 B Disk 1 Online 1910 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 931 GB 101 MB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y System Rese NTFS Partition 100 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 931 GB Healthy ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1906 MB 4032 KB ================================================================================== Disk: 1 Partition 1 Type : 0E Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F STORE N GO FAT Removable 1906 MB Healthy ========================================================= Last Boot: 2012-11-08 15:37 ==================== End Of Log =============================
  13. brian_vii
    Hey, I am having an issue with google redirect viruses/trojans and rans.gendarm which was picked up by RogueKiller. I ran a scan with ESET which picked up 2 other trojans Olmarik and BHO or BEO something. It deleted/cleaned those for me. I have not touched the rans.gendarm via roguekiller because i'm not sure if i'd screw my computer up by deleting it. This is the RogueKiller Report:. (Below the roguekiller report are the dds and attach text RogueKiller V8.2.3 [11/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo...13-roguekiller/ Website: http://tigzy.geeksto...roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Brian [Admin rights] Mode : Scan -- Date : 11/10/2012 13:41:11 ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] FacebookMessenger.exe -- C:\Users\Brian\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 10 ¤¤¤ [RUN][Rans.Gendarm] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Brian\AppData\Roaming\AVG10\AVG10\hmlxkn.dll",DllRegisterServer) -> FOUND [RUN][Rans.Gendarm] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Brian\AppData\Roaming\AVG10\AVG10\hmlxkn.dll",DllRegisterServer) -> FOUND [sTARTUP][sUSP PATH] Facebook Messenger.lnk @Brian : C:\Users\Brian\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [sCREENSV][sUSP PATH] HKCU\[...]\Desktop (C:\Windows\es.scr) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Rans.Gendarm ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD10 01FALS-00J7B SCSI Disk Device +++++ --- User --- [MBR] 8412aa878541586e929093f7e78a91e2 [bSP] 48dacca1a32dd45c7c7c2bdaeb9c1bdb : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[2]_S_11102012_02d1341.txt >> RKreport[1]_S_11092012_02d1522.txt ; RKreport[2]_S_11102012_02d1341.txt DDS (Ver_2012-11-07.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2 Run by Brian at 15:00:13 on 2012-11-10 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.1235 [GMT -5:00] . AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Becker Professional Education\CPA 2012\BPESelfStudy.exe C:\Program Files (x86)\Becker Professional Education\CPA 2012\BPESelfStudy.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\wuauclt.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\Downloads\RogueKiller.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\msiexec.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\AppData\Local\Temp\SHSetup.exe C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\notepad.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Brian\Downloads\OTL.exe C:\Windows\system32\taskhost.exe C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678/ uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll dRun: [DevconDefaultDB] C:\Windows\System32\READREG /SILENT /FAIL=1 uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} - hxxps://insourcers.riahome.com/CABFiles/RSLoginModule.cab DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} - hxxps://insourcers.riahome.com/CABFiles/RSTabbedList.cab DPF: {6C8E9E45-538C-473A-B83B-DA9AE1ED7604} - hxxps://insourcers.riahome.com/CABFiles/vspdf.cab DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} - hxxps://insourcers.riahome.com/CABFiles/webnotifier.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {A8561647-E93C-11D3-AC3B-CE6078F7B616} - hxxps://insourcers.riahome.com/CABFiles/vsprint7.cab DPF: {C0A63B86-4B21-11D3-BD95-D426EF2C7949} - hxxps://insourcers.riahome.com/CABFiles/vsflex7L.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} - hxxps://insourcers.riahome.com/CABFiles/vsflex7.cab DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {EBB0431C-10EB-432D-8C53-64BDBEDBD86B} - hxxps://insourcers.riahome.com/CABFiles/xmlgridRS.cab DPF: {F4721362-90E1-11D4-B547-00105A80AE07} - hxxps://insourcers.riahome.com/CABFiles/RIAInRSImport.cab DPF: {FE83D8C0-07C7-4915-A6B4-4A6B895E677F} - hxxps://insourcers.riahome.com/CABFiles/vsFlexXMLDSO.cab TCP: NameServer = 10.0.1.1 TCP: Interfaces\{686FB0F5-C2A1-4852-9367-30F27E857263} : DHCPNameServer = 10.0.1.1 TCP: Interfaces\{686FB0F5-C2A1-4852-9367-30F27E857263}\C696E6B6379737F5355435F573731393 : DHCPNameServer = 68.87.64.150 68.87.75.198 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\sztemzys.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://google.com/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf28f5906-2c96-4968-b15c-3e3ead21c13d%7D&mid=781f85c40e44c8fd6fb1bf3ef7404b16-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=11.1.0.12〈=en&pr=fr&d=2012-05-23%2018%3A51%3A44&sap=ku&q= FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff6.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff7.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff8.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff9.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\sztemzys.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\sztemzys.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Brian\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll FF - plugin: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false ============= SERVICES / DRIVERS =============== . R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768] R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2010-10-22 21480] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144] R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-3-14 137144] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000] R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-10-10 1021888] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272] R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856] S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2012-11-10 22704] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-13 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-13 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-13 1255736] S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Brian\Desktop\Real\WinRing0x64.sys [2010-10-21 14544] . =============== Created Last 30 ================ . 2012-11-10 19:49:18 -------- d-----w- C:\Windows\System32\appmgmt 2012-11-10 18:59:29 -------- d-----w- C:\Program Files\Hitman Pro 3.5 2012-11-10 18:50:46 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys 2012-11-10 18:50:42 110080 ----a-r- C:\Users\Brian\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe 2012-11-10 18:50:42 110080 ----a-r- C:\Users\Brian\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe 2012-11-10 18:50:42 110080 ----a-r- C:\Users\Brian\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe 2012-11-10 18:50:40 -------- d-----w- C:\sh4ldr 2012-11-10 18:50:40 -------- d-----w- C:\Program Files\Enigma Software Group 2012-11-10 18:49:56 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP 2012-11-10 18:49:55 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2012-11-10 18:06:03 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE5A6C6A-CC09-46E7-9E63-448183D13315}\offreg.dll 2012-11-10 03:22:05 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll 2012-11-10 03:19:40 -------- d-----w- C:\Users\Brian\AppData\Local\{287CE6B3-581D-4134-9483-F0E8D47C0C1D} 2012-11-10 00:29:59 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE5A6C6A-CC09-46E7-9E63-448183D13315}\mpengine.dll 2012-11-10 00:12:02 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-11-10 00:12:02 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-10 00:12:02 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-11-10 00:12:00 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-10 00:10:50 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-11-10 00:09:59 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-11-10 00:09:59 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-11-10 00:09:58 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-11-10 00:09:57 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-11-10 00:09:57 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll 2012-11-10 00:09:56 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-11-10 00:09:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-11-10 00:09:56 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-11-10 00:09:54 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-11-10 00:08:43 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-11-10 00:08:43 136704 ----a-w- C:\Windows\System32\browser.dll 2012-11-10 00:08:42 41984 ----a-w- C:\Windows\SysWow64\browcli.dll 2012-11-10 00:04:53 751104 ----a-w- C:\Windows\System32\win32spl.dll 2012-11-10 00:04:52 67072 ----a-w- C:\Windows\splwow64.exe 2012-11-10 00:04:52 559104 ----a-w- C:\Windows\System32\spoolsv.exe 2012-11-10 00:04:52 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2012-11-10 00:04:50 503808 ----a-w- C:\Windows\System32\srcore.dll 2012-11-10 00:04:50 43008 ----a-w- C:\Windows\SysWow64\srclient.dll 2012-11-10 00:04:48 956928 ----a-w- C:\Windows\System32\localspl.dll 2012-11-09 23:02:47 -------- d-----w- C:\Users\Brian\AppData\Local\ESET 2012-11-09 21:38:40 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-11-09 21:38:28 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-11-09 21:38:18 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-11-09 21:38:18 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-11-09 21:32:26 39184 ----a-w- C:\Windows\System32\Partizan.exe 2012-11-09 21:27:31 -------- d-----w- C:\Program Files\ESET 2012-11-09 19:46:47 -------- d-----w- C:\Program Files (x86)\ESET 2012-11-09 19:16:03 -------- d-----w- C:\ProgramData\RegRun 2012-11-09 19:16:02 39184 ----a-w- C:\Windows\SysWow64\Partizan.exe 2012-11-09 19:16:02 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys 2012-11-09 19:15:58 2 --shatr- C:\Windows\winstart.bat 2012-11-09 19:15:55 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys 2012-11-09 19:15:52 -------- d-----w- C:\Program Files (x86)\UnHackMe 2012-11-09 19:00:14 -------- d-----w- C:\Users\Brian\AppData\Roaming\AVG2013 2012-11-09 18:58:23 -------- d-----w- C:\Users\Brian\AppData\Roaming\TuneUp Software 2012-11-09 18:56:56 -------- d-----w- C:\ProgramData\AVG2013 2012-11-09 18:51:06 -------- d-----w- C:\Users\Brian\AppData\Local\MFAData 2012-11-09 18:51:06 -------- d-----w- C:\Users\Brian\AppData\Local\Avg2013 2012-11-08 23:43:11 -------- d-----w- C:\Users\Brian\AppData\Local\Facebook 2012-11-08 23:17:43 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll . ==================== Find3M ==================== . 2012-11-10 19:00:41 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys 2012-11-08 23:17:40 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-11-08 23:17:40 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-11-08 23:15:44 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-08 23:15:44 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-09-01 17:16:50 4480000 ----a-w- C:\Windows\es.scr 2012-09-01 17:16:50 4480000 ----a-w- C:\Windows\es.exe 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 15:00:56.82 =============== Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-07.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 1/22/2010 1:57:09 PM System Uptime: 11/10/2012 11:56:43 AM (4 hours ago) . Motherboard: EVGA | | nForce 750i SLI Processor: Intel® Core2 Quad CPU Q9550 @ 2.83GHz | Socket 775 | 2868/337mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 728.106 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: PCI Input Device Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&14591D7E&0&5180 Manufacturer: Name: PCI Input Device PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&14591D7E&0&5180 Service: . ==== System Restore Points =================== . RP140: 11/8/2012 6:16:55 PM - Installed Java 7 Update 9 RP141: 11/9/2012 1:56:32 PM - Installed AVG 2013 RP142: 11/9/2012 1:56:59 PM - Installed AVG 2013 RP143: 11/9/2012 2:19:05 PM - RegRun Virus Scan RP144: 11/9/2012 4:17:59 PM - Removed AVG 2013 RP145: 11/9/2012 4:23:48 PM - Removed AVG 2013 RP146: 11/9/2012 4:34:48 PM - RegRun Virus Scan RP147: 11/9/2012 4:38:11 PM - Windows Update RP148: 11/9/2012 7:12:39 PM - Windows Update RP149: 11/10/2012 1:50:06 PM - Installed SpyHunter RP150: 11/10/2012 2:48:51 PM - Removed Facebook Messenger 2.1.4651.0 . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) µTorrent Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) AIM 7 Apple Application Support Apple Mobile Device Support Apple Software Update Becker's CPA Exam Review - 2012 Edition Becker's Final Review - 2012 Edition BlackBerry App World Browser Plugin BlackBerry Desktop Software 5.0.1 BlackBerry® Media Sync Bonjour Counter-Strike: Source CPA FAR CPA REG CPUID CPU-Z 1.55 D3DX10 Diablo III Download Updater (AOL LLC) Electric Sheep 2.7b34c ESET NOD32 Antivirus ESET Online Scanner v3 EVGA Precision 1.3.3 Glary Utilities Pro 2.16.0.758 GoldenEye: Source - HalfLife 2 Mod Google Chrome Hitman Pro 3.5 iTunes Java 7 Update 9 Java 6 Update 16 Java 6 Update 31 (64-bit) JavaFX 2.1.1 Junk Mail filter update Lambers League of Legends Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft IntelliPoint 8.2 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA 3D Vision Controller Driver 301.42 NVIDIA 3D Vision Driver 301.42 NVIDIA Control Panel 301.42 NVIDIA Display Control Panel NVIDIA Drivers NVIDIA Graphics Driver 301.42 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.12.0213 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.8.15 NVIDIA Update Components ONESOURCE 2008 Client ONESOURCE 2009 Client Pando Media Booster PeerGuardian 2.0 QuickTime Safari Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Skype Click to Call Skype™ 5.9 Source SDK Base 2007 SpeedFan (remove only) SpyHunter StarCraft II Steam Team Fortress 2 The Witcher: Enhanced Edition UnHackMe 5.99 release Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) uTorrentBar Toolbar Visual C++ 8.0 Runtime Setup Package (x64) Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables Winamp Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WinRAR archiver World of Warcraft . ==== Event Viewer Messages From Past Week ======== . 11/9/2012 5:25:19 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding 11/9/2012 4:28:14 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 11/9/2012 2:01:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect. 11/9/2012 2:01:30 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/9/2012 1:39:31 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0. 11/9/2012 1:03:37 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. 11/10/2012 11:59:25 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 11/10/2012 11:59:25 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. . ==== End Of File ===========================
  14. brian_vii
    Log from ESET NOD32 Scan Log Version of virus signature database: 7678 (20121109) Date: 11/9/2012 Time: 5:42:00 PM Scanned disks, folders and files: Operating memory;Boot sector;C:\Boot sector;C:\;D:\Boot sector;D:\ C:\hiberfil.sys - error opening [4] C:\pagefile.sys - error opening [4] C:\Program Files (x86)\Riot Games\League of Legends\game\HeroPak_client.zip » ZIP » DATA\Particles\leaf_test.troy - archive damaged - the file could not be extracted. C:\Program Files (x86)\Steam\steamapps\warrior898\counter-strike source\cstrike\cache\de_season.bsp.bz20000 » BZ2 » de_season.bsp.bz20000 - unpack error C:\Program Files (x86)\Steam\steamapps\warrior898\team fortress 2\tf\cache\cp_gullywash_imp3.bsp.bz20000 » BZ2 » cp_gullywash_imp3.bsp.bz20000 - unpack error C:\Program Files (x86)\Steam\steamapps\warrior898\team fortress 2\tf\cache\cp_kakariko_a3.bsp.bz20000 » BZ2 » cp_kakariko_a3.bsp.bz20000 - unpack error C:\Program Files (x86)\Steam\steamapps\warrior898\team fortress 2\tf\cache\mariointro.mp3.bz20000 » BZ2 » mariointro.mp3.bz20000 - unpack error C:\Program Files (x86)\Steam\steamapps\warrior898\team fortress 2\tf\cache\scout_domination.vvd.bz20000 » BZ2 » scout_domination.vvd.bz20000 - unpack error C:\ProgramData\Blizzard Entertainment\StarCraft II\Versions\Shaders14513\userCache.bin » SMARTINSTALLMAKER;VER=2 - error - unknown compression method C:\ProgramData\Blizzard Entertainment\StarCraft II\Versions\Shaders14515\userCache.bin » SMARTINSTALLMAKER;VER=2 - error - unknown compression method C:\ProgramData\MFAData\SelfUpd\avgsbfree_us.mht » MIME - is OK (internal scanning not performed) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4] C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - error opening [4] C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0000.dta - Win32/Olmarik.AWO trojan - cleaned by deleting - quarantined [1] C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0001.dta - Win64/Olmarik.AD trojan - cleaned by deleting - quarantined [1] C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0002.dta - Win32/Olmarik.AYH trojan - cleaned by deleting - quarantined [1] C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0003.dta - Win64/Olmarik.AG trojan - cleaned by deleting - quarantined [1] C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0004.dta - a variant of Win32/Rootkit.Kryptik.LH trojan - cleaned by deleting - quarantined [1] C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0005.dta - Win64/Olmarik.AF trojan - cleaned by deleting - quarantined [1] C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0009.dta - Win32/Olmarik.AWO trojan - cleaned by deleting - quarantined [1] C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0010.dta - Win64/Olmarik.X trojan - cleaned by deleting - quarantined [1] C:\Users\All Users\Blizzard Entertainment\StarCraft II\Versions\Shaders14513\userCache.bin » SMARTINSTALLMAKER;VER=2 - error - unknown compression method C:\Users\All Users\Blizzard Entertainment\StarCraft II\Versions\Shaders14515\userCache.bin » SMARTINSTALLMAKER;VER=2 - error - unknown compression method C:\Users\All Users\MFAData\SelfUpd\avgsbfree_us.mht » MIME - is OK (internal scanning not performed) C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4] C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4] C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4] C:\Users\All Users\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - error opening [4] C:\Users\Brian\NTUSER.DAT - error opening [4] C:\Users\Brian\ntuser.dat.LOG1 - error opening [4] C:\Users\Brian\ntuser.dat.LOG2 - error opening [4] C:\Users\Brian\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi » MSI » required.cab » CAB - error reading archive C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001cc » GZIP » f_0001cc - archive damaged C:\Users\Brian\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive C:\Users\Brian\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4] C:\Users\Brian\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4] C:\Users\Brian\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4] C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S5B2OB25\AppleMobileDeviceSupport64[1].msi » MSI - archive damaged - the file could not be extracted. C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BEC73915-AB80-44EC-BE99-3124CF153D9C}.tmp - error opening [4] C:\Users\Brian\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe » CAB » jusched - archive damaged - the file could not be extracted. C:\Users\Brian\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe » CAB » task.xml - archive damaged - the file could not be extracted. C:\Users\Brian\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe » CAB » task64.xml - archive damaged - the file could not be extracted. C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\51660c8f-2e97ae0b » ZIP » main.class - Java/Agent.BV trojan C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\1b77acdf-602748e5 » ZIP » a/Test.class - Java/Exploit.CVE-2012-0507.C trojan C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\1b77acdf-602748e5 » ZIP » a/Help.class - a variant of Java/Exploit.CVE-2012-0507.AG trojan C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\sztemzys.default\parent.lock - error opening [4] C:\Users\Brian\Desktop\Minecraft.exe » ZIP » - archive damaged C:\Users\Brian\Desktop\RemoveWAT 2.2.7 (2012).rar » RAR » Windows 7 Remove WAT 2012.rar » RAR » RemoveWAT\RemoveWAT.exe - Incorrect file checksum (CRC); the file is probably password protected. C:\Users\Brian\Desktop\RemoveWAT 2.2.7 (2012)\Windows 7 Remove WAT 2012.rar » RAR » RemoveWAT\RemoveWAT.exe - Incorrect file checksum (CRC); the file is probably password protected. C:\Users\Brian\Downloads\jre-6u31-windows-i586-iftw.exe » CAB » jusched - archive damaged - the file could not be extracted. C:\Users\Brian\Downloads\jre-6u31-windows-i586-iftw.exe » CAB » task.xml - archive damaged - the file could not be extracted. C:\Users\Brian\Downloads\jre-6u31-windows-i586-iftw.exe » CAB » task64.xml - archive damaged - the file could not be extracted. C:\Users\Brian\Downloads\jxpiinstall.exe » CAB » jusched - archive damaged - the file could not be extracted. C:\Users\Brian\Downloads\jxpiinstall.exe » CAB » task.xml - archive damaged - the file could not be extracted. C:\Users\Brian\Downloads\jxpiinstall.exe » CAB » task64.xml - archive damaged - the file could not be extracted. C:\Users\Brian\Downloads\Minecraft.exe » ZIP » - archive damaged C:\Users\Brian\Downloads\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.rar » RAR » Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.exe » ZIP » AutoPlay/autorun.cdd » ZIP » _detect.dat - error - password-protected file C:\Users\Brian\Downloads\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.rar » RAR » Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.exe » ZIP » AutoPlay/autorun.cdd » ZIP » _proj.dat - error - password-protected file C:\Users\Brian\Downloads\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.rar » RAR » Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.exe » ZIP » AutoPlay/autorun.cdd » ZIP » _fonts.dat - error - password-protected file C:\Users\Brian\Downloads\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.exe » ZIP » AutoPlay/autorun.cdd » ZIP » _detect.dat - error - password-protected file C:\Users\Brian\Downloads\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.exe » ZIP » AutoPlay/autorun.cdd » ZIP » _proj.dat - error - password-protected file C:\Users\Brian\Downloads\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.exe » ZIP » AutoPlay/autorun.cdd » ZIP » _fonts.dat - error - password-protected file C:\Users\Brian\Downloads\MUSE - The Best Of\CD 2\03 - MUSE - Butterflies and hurricanes.mp3 » ZIP » ppt/media/image5.jpeg - incorrect CRC checksum, the file may be damaged C:\Users\Brian\Downloads\MUSE - The Best Of\CD 2\03 - MUSE - Butterflies and hurricanes.mp3 » ZIP » - archive damaged C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Audio/Click1.ogg - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Audio/High1.ogg - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Audio/Kazdoura.wma - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/autorun.cdd - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Buttons/3_1644.btn - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Buttons/50_1644.btn - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Buttons/7_1644.btn - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Docs/ChattChitto Request.msg - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Docs/ChattChitto.nfo.txt - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Docs/Winamp PRO v5.56.2512.exe - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Icons/favicon.ico - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Images/125even_if_I_have_to.jpg - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Images/600px-Feed_Icon_Bl-Or.png - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Images/btn_donate_SM.gif - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Images/Site Logo With Adsress.JPG - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » autorun.exe - error - password-protected file C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » favicon.ico - error - password-protected file C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - error opening [4] C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - error opening [4] C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - error opening [4] C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening [4] C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening [4] C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\1508b0e2e7ebf075f41ec8bc4c3806a4673bea2b.HomeGroupClassifier\3f1713d2c87f5a6d368aa4546c979dcd\grouping\db.mdb - error opening [4] C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\1508b0e2e7ebf075f41ec8bc4c3806a4673bea2b.HomeGroupClassifier\3f1713d2c87f5a6d368aa4546c979dcd\grouping\edb.log - error opening [4] C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\1508b0e2e7ebf075f41ec8bc4c3806a4673bea2b.HomeGroupClassifier\3f1713d2c87f5a6d368aa4546c979dcd\grouping\tmp.edb - error opening [4] C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - error opening [4] C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - error opening [4] C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - error opening [4] C:\Windows\System32\catroot2\edb.log - error opening [4] C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4] C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4] C:\Windows\Temp\jar_cache7895105572856913782.tmp » ZIP » nfqunxunourogcotiop/vvaonipnzlcnqsieqcrfxju.class - probably a variant of Java/Exploit.CVE-2010-0840.AQ trojan C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\51660c8f-2e97ae0b » ZIP » main.class - Java/Agent.BV trojan - was a part of the deleted object C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\1b77acdf-602748e5 » ZIP » a/Test.class - Java/Exploit.CVE-2012-0507.C trojan - was a part of the deleted object C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\1b77acdf-602748e5 » ZIP » a/Help.class - a variant of Java/Exploit.CVE-2012-0507.AG trojan - was a part of the deleted object C:\Windows\Temp\jar_cache7895105572856913782.tmp » ZIP » nfqunxunourogcotiop/vvaonipnzlcnqsieqcrfxju.class - probably a variant of Java/Exploit.CVE-2010-0840.AQ trojan - was a part of the deleted object Number of scanned objects: 428690 Number of threats found: 12 Number of cleaned objects: 12 Time of completion: 6:59:12 PM Total scanning time: 4632 sec (01:17:12) Notes: [1] Object has been deleted as it only contained the virus body. [4] Object cannot be opened. It may be in use by another application or operating system.
  15. brian_vii
    Hey, I am having an issue with google redirect viruses/trojans and rans.gendarm which was picked up by RogueKiller. I ran a scan with ESET which picked up 2 other trojans Olmarik and BHO or BEO something. It deleted/cleaned those for me. I have not touched the rans.gendarm via roguekiller because i'm not sure if i'd screw my computer up by deleting it. This is the RogueKiller Report: RogueKiller V8.2.3 [11/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Brian [Admin rights] Mode : Scan -- Date : 11/10/2012 13:41:11 ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] FacebookMessenger.exe -- C:\Users\Brian\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 10 ¤¤¤ [RUN][Rans.Gendarm] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Brian\AppData\Roaming\AVG10\AVG10\hmlxkn.dll",DllRegisterServer) -> FOUND [RUN][Rans.Gendarm] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Brian\AppData\Roaming\AVG10\AVG10\hmlxkn.dll",DllRegisterServer) -> FOUND [sTARTUP][sUSP PATH] Facebook Messenger.lnk @Brian : C:\Users\Brian\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [sCREENSV][sUSP PATH] HKCU\[...]\Desktop (C:\Windows\es.scr) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Rans.Gendarm ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD10 01FALS-00J7B SCSI Disk Device +++++ --- User --- [MBR] 8412aa878541586e929093f7e78a91e2 [bSP] 48dacca1a32dd45c7c7c2bdaeb9c1bdb : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[2]_S_11102012_02d1341.txt >> RKreport[1]_S_11092012_02d1522.txt ; RKreport[2]_S_11102012_02d1341.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.