Posts posted by brian_vii
-
CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock.vmt
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock.vtf
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock_normal.vtf
c:\windows\system32\slmgr.vbs.removewat
c:\windows\syswow64\slmgr.vbs.removewat
scanner sequence 3.EM.11.LSBBKB
----- EOF -----
Goldeneye is a free Halflife2 mod.
-
My computer seems to be running much, MUCH faster, and I haven't had any Google-redirect issues reoccur.
Not sure if there are any more steps to be done, but THANK YOU SO MUCH. I did NOT want to reformat the computer.
The only issue that occurred was when you had me copy the script showing the build of Windows 7600 and 7601 into ComboFix.
It caused Windows to have a "not genuine" warning, but I fixed that issue (or at least the warning) within 3 mins.
Let me know if there are any more steps I should take to make sure it's 100% removed from my computer.
I will definitely be sending you a PayPal reward within the next few days.

-
ESET ONLINE SCANNER: No threats detected. There was no button "list of threats found".
I apologize in advance if I blindly missed something. I'll run it again if you request me to. I was unable to find any kind of log from the scan. :/
-
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.11.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brian :: BRIAN-PC [administrator]
11/11/2012 6:49:49 PM
mbam-log-2012-11-11 (18-49-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234071
Time elapsed: 4 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
# AdwCleaner v2.007 - Logfile created 11/11/2012 at 18:46:08
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Brian - BRIAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Brian\Desktop\AdwCleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Brian\AppData\Local\Conduit
Folder Deleted : C:\Users\Brian\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Brian\AppData\LocalLow\uTorrentBar
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9BB710D1-284A-49DC-9215-732ED0ECA65A}
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9BB710D1-284A-49DC-9215-732ED0ECA65A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043353E0-023D-4279-8E24-C217692CC4AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F600EE0B-979E-4E5E-98C1-4209CA465087}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678/ --> hxxp://www.google.com
-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\oj3hehmz.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v23.0.1271.64
File : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[s1].txt - [6870 octets] - [11/11/2012 18:46:08]
########## EOF - C:\AdwCleaner[s1].txt - [6930 octets] ##########
-
On both Firefox and Chrome, when I go to download AdwCleaner, the browser crashes soon after hitting download.
-
ComboFix 12-11-10.02 - Brian 11/11/2012 18:15:22.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2575 [GMT -5:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
Command switches used :: c:\users\Brian\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll --> c:\windows\system32\user32.dll
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 )))))))))))))))))))))))))))))))
.
.
2012-11-11 23:22 . 2012-11-11 23:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-11 23:22 . 2012-11-11 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-11 22:20 . 2012-11-11 22:20 -------- d-----w- C:\FRST
2012-11-11 21:55 . 2012-11-11 21:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-11 21:55 . 2012-11-11 21:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-11 21:55 . 2012-11-11 21:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-11 21:55 . 2012-11-11 21:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-11 21:55 . 2012-11-11 21:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-11 21:55 . 2012-11-11 21:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-11 21:55 . 2012-11-11 21:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-11 21:54 . 2012-11-11 21:54 -------- d-----w- c:\program files (x86)\QuickTime
2012-11-11 21:53 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-11 21:52 . 2012-11-11 21:52 -------- d-----w- c:\program files\iPod
2012-11-11 21:52 . 2012-11-11 21:53 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-11 21:52 . 2012-11-11 21:53 -------- d-----w- c:\program files\iTunes
2012-11-11 21:52 . 2012-11-11 21:53 -------- d-----w- c:\program files (x86)\iTunes
2012-11-11 21:24 . 2012-11-11 21:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-11-11 18:43 . 2012-11-11 22:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE5A6C6A-CC09-46E7-9E63-448183D13315}\offreg.dll
2012-11-10 20:44 . 2012-11-10 20:44 -------- dc-h--w- c:\programdata\{93D6607E-CDD1-4873-8FCA-D342BA47CD87}
2012-11-10 20:42 . 2012-11-10 20:42 -------- dc-h--w- c:\programdata\{62889E3B-679B-45F8-A351-AA2FA7EC013C}
2012-11-10 20:39 . 2012-11-10 20:39 -------- dc-h--w- c:\programdata\{53DF9DA2-B01F-423B-A7F6-5DBD67FB89CD}
2012-11-10 19:49 . 2012-11-10 19:49 -------- d-----w- c:\windows\system32\appmgmt
2012-11-10 18:59 . 2012-11-10 18:59 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-11-10 18:50 . 2012-11-10 18:50 -------- d-----w- c:\program files\Enigma Software Group
2012-11-10 18:49 . 2012-11-11 18:32 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-10 18:49 . 2012-11-10 18:49 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-11-10 00:29 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE5A6C6A-CC09-46E7-9E63-448183D13315}\mpengine.dll
2012-11-10 00:12 . 2012-08-20 18:48 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-11-10 00:12 . 2012-08-20 18:48 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-10 00:12 . 2012-08-20 18:48 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-11-10 00:12 . 2012-08-20 18:46 338432 ----a-w- c:\windows\system32\conhost.exe
2012-11-10 00:12 . 2012-08-20 17:37 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-11-10 00:10 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-10 00:09 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-11-10 00:09 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-11-10 00:09 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-11-10 00:09 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-11-10 00:09 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-11-10 00:09 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-11-10 00:09 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-11-10 00:09 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-11-10 00:09 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-11-10 00:08 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-11-10 00:08 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-11-10 00:08 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-11-10 00:08 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-11-10 00:04 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-11-10 00:04 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-11-10 00:04 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-11-10 00:04 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-11-10 00:04 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-11-10 00:04 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-11-10 00:04 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-11-09 23:02 . 2012-11-09 23:02 -------- d-----w- c:\users\Brian\AppData\Local\ESET
2012-11-09 21:38 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-11-09 21:38 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-11-09 21:38 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-11-09 21:38 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-11-09 21:38 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-11-09 21:38 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-11-09 21:38 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-11-09 21:38 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-11-09 21:38 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-11-09 21:32 . 2012-11-09 21:32 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-11-09 21:27 . 2012-11-09 21:27 -------- d-----w- c:\program files\ESET
2012-11-09 19:46 . 2012-11-09 19:46 -------- d-----w- c:\program files (x86)\ESET
2012-11-09 19:16 . 2012-11-11 18:31 -------- d-----w- c:\programdata\RegRun
2012-11-09 19:15 . 2012-11-09 19:15 2 --shatr- c:\windows\winstart.bat
2012-11-09 19:15 . 2012-11-11 18:33 -------- d-----w- c:\program files (x86)\UnHackMe
2012-11-09 19:00 . 2012-11-09 19:00 -------- d-----w- c:\users\Brian\AppData\Roaming\AVG2013
2012-11-09 18:58 . 2012-11-09 18:58 -------- d-----w- c:\users\Brian\AppData\Roaming\TuneUp Software
2012-11-09 18:56 . 2012-11-09 21:23 -------- d-----w- c:\programdata\AVG2013
2012-11-09 18:51 . 2012-11-09 18:51 -------- d-----w- c:\users\Brian\AppData\Local\MFAData
2012-11-09 18:51 . 2012-11-09 18:51 -------- d-----w- c:\users\Brian\AppData\Local\Avg2013
2012-11-08 23:43 . 2012-11-10 20:48 -------- d-----w- c:\users\Brian\AppData\Local\Facebook
2012-11-08 23:17 . 2012-11-08 23:17 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-10 19:00 . 2012-03-14 01:01 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-11-08 23:17 . 2012-08-20 19:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-08 23:17 . 2012-08-20 19:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-08 23:15 . 2012-04-10 19:44 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-08 23:15 . 2011-12-31 17:39 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 00:54 . 2010-12-07 20:31 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 05:18 . 2010-01-22 20:11 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-01 17:16 . 2012-09-01 17:16 4480000 ----a-w- c:\windows\es.scr
2012-08-21 18:01 . 2010-01-22 20:25 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 18:01 . 2010-01-22 20:25 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-11-10 00:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Brian\Desktop\Real\WinRing0x64.sys [2008-07-27 14544]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-22 834544]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:15]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769710056-2214912975-2338223646-1000Core.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-22 20:05]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769710056-2214912975-2338223646-1000UA.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-22 20:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
DPF: {6C8E9E45-538C-473A-B83B-DA9AE1ED7604} - hxxps://insourcers.riahome.com/CABFiles/vspdf.cab
DPF: {A8561647-E93C-11D3-AC3B-CE6078F7B616} - hxxps://insourcers.riahome.com/CABFiles/vsprint7.cab
DPF: {EBB0431C-10EB-432D-8C53-64BDBEDBD86B} - hxxps://insourcers.riahome.com/CABFiles/xmlgridRS.cab
DPF: {F4721362-90E1-11D4-B547-00105A80AE07} - hxxps://insourcers.riahome.com/CABFiles/RIAInRSImport.cab
DPF: {FE83D8C0-07C7-4915-A6B4-4A6B895E677F} - hxxps://insourcers.riahome.com/CABFiles/vsFlexXMLDSO.cab
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\oj3hehmz.default\
FF - ExtSQL: 2012-11-10 18:24; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-Adobe AIR - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-11 18:30:23
ComboFix-quarantined-files.txt 2012-11-11 23:30
ComboFix2.txt 2012-11-11 20:23
.
Pre-Run: 783,080,435,712 bytes free
Post-Run: 783,133,372,416 bytes free
.
- - End Of File - - A88716296C3568148FE3E1ECFA4206ED
-
All the small, bolded, darker-worded information should be highlighted red. Sorry.
-
I ran HijackThis and copied the log to their website and had it parsed. Here is the parsed information. Maybe this can help.
You can reference this log by going to: http://hjt.iamnotageek.com/log-1029024.html
Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32fxsresm.dll,-' for key 1
Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32psbase.dll,-' for key 1
Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32Locator.exe,-' for key 1
Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32spoolsv.exe,-' for key 1
Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32vssvc.exe,-' for key 1
Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32wbengine.exe,-' for key 1
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:30:38 PM, on 11/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lambers\TestPrep\CMEngine_v10.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2786678/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
O4 - HKLM\..\RunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-5C6AA.exe" /REG /REGSVRMODE
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} (CLRMachineInfoCtl Class) - https://insourcers.riahome.com/CABFiles/RSLoginModule.cab
O16 - DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} (CLRTabbedList Class) - https://insourcers.riahome.com/CABFiles/RSTabbedList.cab
O16 - DPF: {6C8E9E45-538C-473A-B83B-DA9AE1ED7604} (:-) VideoSoft VSPDF 7.0) - https://insourcers.riahome.com/CABFiles/vspdf.cab
O16 - DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} (GRSNotifierCtrl Class) - https://insourcers.riahome.com/CABFiles/webnotifier.cab
O16 - DPF: {A8561647-E93C-11D3-AC3B-CE6078F7B616} (:-) VideoSoft VSPrinter 7.0) - https://insourcers.riahome.com/CABFiles/vsprint7.cab
O16 - DPF: {C0A63B86-4B21-11D3-BD95-D426EF2C7949} (:-) VideoSoft FlexGrid 7.0 (Light)) - https://insourcers.riahome.com/CABFiles/vsflex7L.cab
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} (:-) VideoSoft FlexGrid 7.0 (OLEDB)) - https://insourcers.riahome.com/CABFiles/vsflex7.cab
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBB0431C-10EB-432D-8C53-64BDBEDBD86B} (XmlGridRS Class) - https://insourcers.riahome.com/CABFiles/xmlgridRS.cab
O16 - DPF: {F4721362-90E1-11D4-B547-00105A80AE07} (xmlWrapper Class) - https://insourcers.riahome.com/CABFiles/RIAInRSImport.cab
O16 - DPF: {FE83D8C0-07C7-4915-A6B4-4A6B895E677F} (VSFlexDSO Class) - https://insourcers.riahome.com/CABFiles/vsFlexXMLDSO.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
-
ComboFix 12-11-10.01 - Brian 11/11/2012 15:16:18.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2658 [GMT -5:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brian\Documents\~WRL1607.tmp
c:\windows\es.exe
c:\windows\pthreadGC2.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 )))))))))))))))))))))))))))))))
.
.
2012-11-11 22:20 . 2012-11-11 22:20 -------- d-----w- C:\FRST
2012-11-11 20:21 . 2012-11-11 20:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-11 20:21 . 2012-11-11 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-11 20:04 . 2012-11-11 20:04 869376 ----a-w- c:\windows\is-5C6AA.exe
2012-11-10 20:44 . 2012-11-10 20:44 -------- dc-h--w- c:\programdata\{93D6607E-CDD1-4873-8FCA-D342BA47CD87}
2012-11-10 20:42 . 2012-11-10 20:42 -------- dc-h--w- c:\programdata\{62889E3B-679B-45F8-A351-AA2FA7EC013C}
2012-11-10 20:39 . 2012-11-10 20:39 -------- dc-h--w- c:\programdata\{53DF9DA2-B01F-423B-A7F6-5DBD67FB89CD}
2012-11-10 19:49 . 2012-11-10 19:49 -------- d-----w- c:\windows\system32\appmgmt
2012-11-10 18:59 . 2012-11-10 18:59 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-11-10 18:50 . 2012-11-10 18:50 -------- d-----w- c:\program files\Enigma Software Group
2012-11-10 18:49 . 2012-11-11 18:32 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-10 18:49 . 2012-11-10 18:49 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-11-10 00:29 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE5A6C6A-CC09-46E7-9E63-448183D13315}\mpengine.dll
2012-11-10 00:12 . 2012-08-20 18:48 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-11-10 00:12 . 2012-08-20 18:48 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-10 00:12 . 2012-08-20 18:48 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-11-10 00:12 . 2012-08-20 18:46 338432 ----a-w- c:\windows\system32\conhost.exe
2012-11-10 00:12 . 2012-08-20 17:37 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-11-10 00:10 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-10 00:09 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-11-10 00:09 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-11-10 00:09 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-11-10 00:09 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-11-10 00:09 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-11-10 00:09 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-11-10 00:09 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-11-10 00:09 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-11-10 00:09 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-11-10 00:08 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-11-10 00:08 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-11-10 00:08 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-11-10 00:08 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-11-10 00:04 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-11-10 00:04 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-11-10 00:04 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-11-10 00:04 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-11-10 00:04 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-11-10 00:04 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-11-10 00:04 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-11-09 23:02 . 2012-11-09 23:02 -------- d-----w- c:\users\Brian\AppData\Local\ESET
2012-11-09 21:38 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-11-09 21:38 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-11-09 21:38 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-11-09 21:38 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-11-09 21:38 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-11-09 21:38 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-11-09 21:38 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-11-09 21:38 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-11-09 21:38 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-11-09 21:32 . 2012-11-09 21:32 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-11-09 21:27 . 2012-11-09 21:27 -------- d-----w- c:\program files\ESET
2012-11-09 19:46 . 2012-11-09 19:46 -------- d-----w- c:\program files (x86)\ESET
2012-11-09 19:16 . 2012-11-11 18:31 -------- d-----w- c:\programdata\RegRun
2012-11-09 19:15 . 2012-11-09 19:15 2 --shatr- c:\windows\winstart.bat
2012-11-09 19:15 . 2012-11-11 18:33 -------- d-----w- c:\program files (x86)\UnHackMe
2012-11-09 19:00 . 2012-11-09 19:00 -------- d-----w- c:\users\Brian\AppData\Roaming\AVG2013
2012-11-09 18:58 . 2012-11-09 18:58 -------- d-----w- c:\users\Brian\AppData\Roaming\TuneUp Software
2012-11-09 18:56 . 2012-11-09 21:23 -------- d-----w- c:\programdata\AVG2013
2012-11-09 18:51 . 2012-11-09 18:51 -------- d-----w- c:\users\Brian\AppData\Local\MFAData
2012-11-09 18:51 . 2012-11-09 18:51 -------- d-----w- c:\users\Brian\AppData\Local\Avg2013
2012-11-08 23:43 . 2012-11-10 20:48 -------- d-----w- c:\users\Brian\AppData\Local\Facebook
2012-11-08 23:17 . 2012-11-08 23:17 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-10 19:00 . 2012-03-14 01:01 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-11-08 23:17 . 2012-08-20 19:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-08 23:17 . 2012-08-20 19:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-08 23:15 . 2012-04-10 19:44 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-08 23:15 . 2011-12-31 17:39 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 00:54 . 2010-12-07 20:31 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 05:18 . 2010-01-22 20:11 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-01 17:16 . 2012-09-01 17:16 4480000 ----a-w- c:\windows\es.scr
2012-08-20 17:38 . 2012-11-10 00:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-03-13 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-03-13 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"InnoSetupRegFile.0000000001"="c:\windows\is-5C6AA.exe" [2012-11-11 869376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Brian\Desktop\Real\WinRing0x64.sys [2008-07-27 14544]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-22 834544]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 73616905
*Deregistered* - 73616905
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:15]
.
2012-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769710056-2214912975-2338223646-1000Core.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-22 20:05]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769710056-2214912975-2338223646-1000UA.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-22 20:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
DPF: {6C8E9E45-538C-473A-B83B-DA9AE1ED7604} - hxxps://insourcers.riahome.com/CABFiles/vspdf.cab
DPF: {A8561647-E93C-11D3-AC3B-CE6078F7B616} - hxxps://insourcers.riahome.com/CABFiles/vsprint7.cab
DPF: {EBB0431C-10EB-432D-8C53-64BDBEDBD86B} - hxxps://insourcers.riahome.com/CABFiles/xmlgridRS.cab
DPF: {F4721362-90E1-11D4-B547-00105A80AE07} - hxxps://insourcers.riahome.com/CABFiles/RIAInRSImport.cab
DPF: {FE83D8C0-07C7-4915-A6B4-4A6B895E677F} - hxxps://insourcers.riahome.com/CABFiles/vsFlexXMLDSO.cab
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\sztemzys.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf28f5906-2c96-4968-b15c-3e3ead21c13d%7D&mid=781f85c40e44c8fd6fb1bf3ef7404b16-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-05-23%2018%3A51%3A44&sap=ku&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-Adobe AIR - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-11 15:23:39
ComboFix-quarantined-files.txt 2012-11-11 20:23
.
Pre-Run: 780,941,635,584 bytes free
Post-Run: 781,358,047,232 bytes free
.
- - End Of File - - EB342A35353AAF079502D06DD548DB8D
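Added triage example (editor's code, not part of brian_vii's posts and not output of HijackThis, ComboFix or FRST): the two logs above are read by hand in the thread, but the same indicators can be pulled out mechanically. The script below handles the HijackThis R0/R1 start and search pages, O2/O3 entries whose file is missing, O4 autoruns, the ComboFix `policies\system` UAC values and the ComboFix Sigcheck lines. It flags a start or search page whose host is not on a small allowlist (the Conduit entry), BHOs and toolbars marked `(file missing)` or `(no file)`, autorun targets with no executable extension or in a user-writable directory (the `READREG` entry), UAC values set to 0, and a file under `system32` whose MD5 differs from every WinSxS copy carrying the same version string (`user32.dll` in the Sigcheck block). The sample lines embedded in `SAMPLE_LOG` are constructed from the posted logs; the allowlist of search hosts and the list of user-writable directories are assumptions for the example, as is the decision to compare a live file only against WinSxS copies with the same version string rather than relying on the `[7]`/`[-]` tags.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample for this example: representative lines in the formats of the
# HijackThis log, the ComboFix "Reg Loading Points" block and the ComboFix
# "Sigcheck" block posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2786678/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKLM\..\RunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-5C6AA.exe" /REG /REGSVRMODE
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-03-13 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
"""

# Assumed allowlist: hosts a start/search page may legitimately point at.
TRUSTED_SEARCH_HOSTS = {"go.microsoft.com", "www.google.com", "google.com", "www.bing.com"}
# Assumed: directories an unprivileged user can write to; autoruns there deserve a look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")
EXEC_EXTS = (".exe", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js", ".dll")

SEARCH_RE = re.compile(r"^R[01] - .*?,(?:Start Page|Search Page|Default_Page_URL|Default_Search_URL|"
                       r"SearchAssistant|CustomizeSearch)\s*=\s*(\S+)")
ORPHAN_RE = re.compile(r"^O\d+ - .*\((?:file missing|no file)\)\s*$")
AUTORUN_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
POLICY_RE = re.compile(r'^"(?P<name>EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"\s*=\s*(?P<val>\d+)')
SIGCHECK_RE = re.compile(r"^\[[^\]]*\] \S+ \. (?P<md5>[0-9A-Fa-f]{32}) \. (?P<size>\d+) \. \. "
                         r"\[(?P<ver>[^\]]+)\] \.\. (?P<path>.+\\(?P<name>[^\\]+))$")


def first_token(cmd):
    """Return the executable part of an autorun command (quoted path or first word)."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return m.group(1) or m.group(2)


def compare_sigcheck(entries):
    """Flag a live system file whose MD5 matches no WinSxS copy of the same version."""
    store = defaultdict(set)  # (basename, version) -> MD5s seen under \winsxs\
    live = []
    for md5, ver, path, name in entries:
        key = (name.lower(), ver)
        if "\\winsxs\\" in path.lower():
            store[key].add(md5.upper())
        else:
            live.append((key, md5.upper(), path))
    return [("sigcheck-mismatch", f"{path} carries version {key[1]} but MD5 {md5} matches no WinSxS copy")
            for key, md5, path in live if store.get(key) and md5 not in store[key]]


def triage(lines):
    """Return (category, detail) findings for HijackThis/ComboFix-style log lines."""
    findings, sig_entries = [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = SEARCH_RE.match(line)
        if m:
            host = (urlparse(m.group(1)).hostname or "").lower()
            if host not in TRUSTED_SEARCH_HOSTS:
                findings.append(("search-hijack", f"{line.split(' = ')[0]} -> {host}"))
            continue
        if ORPHAN_RE.match(line):  # registration survives, file is gone: remove the stale entry
            findings.append(("orphan", line))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            target = first_token(m.group("cmd"))
            low = target.lower()
            reason = None
            if not low.endswith(EXEC_EXTS):
                reason = "no executable extension; confirm the file exists on disk"
            elif any(d in low for d in USER_WRITABLE):
                reason = "runs from a user-writable location"
            if reason:
                findings.append(("autorun", f"[{m.group('name')}] {target}: {reason}"))
            continue
        m = POLICY_RE.match(line)
        if m and int(m.group("val")) == 0:  # 0 disables UAC or removes the prompt
            findings.append(("uac-weakened", f"{m.group('name')} = 0"))
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            sig_entries.append((m.group("md5"), m.group("ver"), m.group("path"), m.group("name")))
    findings.extend(compare_sigcheck(sig_entries))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"{category:18} {detail}")
```

Run it against a saved log with `triage(open("hijackthis.log").read().splitlines())`. The Sigcheck comparison only says a file differs from the store copies; whether that is a patched binary or an out-of-band update still has to be settled by checking the file's Authenticode signature on the machine, which a text log cannot do.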
-
Farbar Recovery Scan Tool (x64) Version: 10-11-2012 02
Ran by SYSTEM at 2012-11-11 14:22:58
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-11-2012 02
Ran by SYSTEM at 11-11-2012 14:33:36
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4081008 2012-03-07] (ESET)
HKLM-x32\...\runonceex: [Flags] 128
HKLM-x32\...\runonceex: [Title] UnHackMe Rootkit Check
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
==================== Services (Whitelisted) ===================
3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [151296 2007-04-12] (Creative Technology Ltd)
3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.)
3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [700200 2007-04-10] (Creative Technology Ltd)
3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd)
3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd)
3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd)
3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd)
3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [142120 2007-04-10] (Creative Technology Ltd)
3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.)
3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.)
3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [681256 2007-04-10] (Creative Technology Ltd)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [913144 2012-03-07] (ESET)
==================== Drivers (Whitelisted) =====================
2 cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [21480 2010-07-09] (Windows ® Win 7 DDK provider)
1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-14] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-14] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2012-03-14] (ESET)
0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-22] (Duplex Secure Ltd.)
3 WinRing0_1_2_0; \??\C:\Users\Brian\Desktop\Real\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
0 Partizan; C:\Windows\System32\drivers\Partizan.sys [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-11-11 14:20 - 2012-11-11 14:20 - 00000000 ____D C:\FRST
2012-11-10 15:24 - 2012-11-11 10:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-10 12:44 - 2012-11-10 12:44 - 05308955 ____A (LearnForce Partners LLC ) C:\Users\Brian\Downloads\ndb_lamb_cpaaudit_m.exe
2012-11-10 12:44 - 2012-11-10 12:44 - 00000000 __HDC C:\Users\All Users\{93D6607E-CDD1-4873-8FCA-D342BA47CD87}
2012-11-10 12:42 - 2012-11-10 12:42 - 00002017 ____A C:\Users\Public\Desktop\Lambers.lnk
2012-11-10 12:42 - 2012-11-10 12:42 - 00000000 __HDC C:\Users\All Users\{62889E3B-679B-45F8-A351-AA2FA7EC013C}
2012-11-10 12:39 - 2012-11-10 12:39 - 00000000 __HDC C:\Users\All Users\{53DF9DA2-B01F-423B-A7F6-5DBD67FB89CD}
2012-11-10 12:36 - 2012-11-10 12:37 - 13324539 ____A (LearnForce Partners LLC ) C:\Users\Brian\Downloads\ndb_lamb_cpafar_m(1).exe
2012-11-10 12:01 - 2012-11-10 12:01 - 00010945 ____A C:\Users\Brian\Desktop\attach.txt
2012-11-10 12:01 - 2012-11-10 12:00 - 00023675 ____A C:\Users\Brian\Desktop\dds.txt
2012-11-10 11:59 - 2012-11-10 11:59 - 00688901 ____R (Swearware) C:\Users\Brian\Downloads\dds (1).com
2012-11-10 11:50 - 2012-11-10 11:50 - 00002250 ____A C:\Users\Brian\Desktop\RKreport[3]_S_11102012_02d1450.txt
2012-11-10 11:49 - 2012-11-10 11:49 - 00000000 ____D C:\Windows\System32\appmgmt
2012-11-10 11:12 - 2012-11-10 11:13 - 00602112 ____A (OldTimer Tools) C:\Users\Brian\Downloads\OTL.exe
2012-11-10 10:59 - 2012-11-10 10:59 - 00001974 ____A C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
2012-11-10 10:59 - 2012-11-10 10:59 - 00000000 ____D C:\Program Files\Hitman Pro 3.5
2012-11-10 10:57 - 2011-06-23 07:45 - 00000000 ____D C:\Users\Brian\Desktop\fixed by shajt
2012-11-10 10:57 - 2011-06-23 07:39 - 00000515 ____A C:\Users\Brian\Desktop\readme.txt
2012-11-10 10:51 - 2012-11-10 10:51 - 00000000 ____A C:\autoexec.bat
2012-11-10 10:50 - 2012-11-10 10:50 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-11-10 10:49 - 2012-11-11 10:32 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-10 10:46 - 2012-11-10 10:46 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Brian\Downloads\SpyHunter-Installer.exe
2012-11-10 10:44 - 2012-11-10 10:46 - 127231689 ____A (Igor Pavlov) C:\Users\Brian\Downloads\OTLPENet.exe
2012-11-10 10:41 - 2012-11-10 10:41 - 00002358 ____A C:\Users\Brian\Desktop\RKreport[2]_S_11102012_02d1341.txt
2012-11-10 10:40 - 2012-11-10 10:40 - 00666112 ____A C:\Users\Brian\Downloads\RogueKiller(1).exe
2012-11-09 19:55 - 2012-11-09 19:55 - 00026866 ____A C:\Users\Brian\Downloads\[HorribleSubs] Fairy Tail - 156 [720p].mkv.torrent
2012-11-09 19:19 - 2012-11-09 19:19 - 00000000 ____D C:\Users\Brian\AppData\Local\{287CE6B3-581D-4134-9483-F0E8D47C0C1D}
2012-11-09 16:17 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-09 16:17 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-09 16:17 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-09 16:17 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-09 16:17 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-09 16:17 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-09 16:17 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-09 16:17 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-09 16:17 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-09 16:17 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-09 16:17 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-09 16:17 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-09 16:17 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-09 16:17 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-09 16:17 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-09 16:17 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-09 16:17 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-09 16:17 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-09 16:17 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-09 16:17 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-09 16:17 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-09 16:17 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-09 16:17 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-09 16:17 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-09 16:17 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-09 16:17 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-09 16:17 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-09 16:17 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-09 16:17 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-09 16:17 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-09 16:17 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-09 16:17 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-09 16:12 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-11-09 16:12 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-11-09 16:12 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-11-09 16:12 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-11-09 16:12 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-11-09 16:12 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-11-09 16:11 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-11-09 16:11 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-11-09 16:11 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-11-09 16:11 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-11-09 16:11 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-11-09 16:11 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-11-09 16:11 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-11-09 16:11 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-11-09 16:11 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-11-09 16:11 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-09 16:11 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-11-09 16:11 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-11-09 16:11 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-11-09 16:10 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-11-09 16:10 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-11-09 16:10 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-11-09 16:10 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-11-09 16:10 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-11-09 16:10 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-11-09 16:10 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-09 16:10 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-11-09 16:10 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-11-09 16:10 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-11-09 16:10 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-11-09 16:10 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-11-09 16:10 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-11-09 16:10 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-09 16:10 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-11-09 16:10 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-11-09 16:10 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-11-09 16:10 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-11-09 16:10 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-11-09 16:10 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-11-09 16:10 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-11-09 16:10 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-11-09 16:10 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-11-09 16:10 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-11-09 16:10 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-11-09 16:10 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-11-09 16:10 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-11-09 16:10 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-11-09 16:10 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-11-09 16:10 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-11-09 16:10 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-11-09 16:10 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-11-09 16:10 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-11-09 16:10 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-11-09 16:09 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-11-09 16:09 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-11-09 16:09 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-11-09 16:09 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-11-09 16:09 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-11-09 16:09 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-11-09 16:09 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-11-09 16:09 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-11-09 16:09 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-11-09 16:08 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-11-09 16:08 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-11-09 16:08 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-11-09 16:08 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-11-09 16:08 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-11-09 16:05 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-11-09 16:05 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-11-09 16:05 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-11-09 16:05 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-11-09 16:05 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-11-09 16:05 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-11-09 16:05 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-11-09 16:05 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-11-09 16:04 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-11-09 16:04 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-11-09 16:04 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-11-09 16:04 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-11-09 16:04 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-11-09 16:04 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-11-09 16:04 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-11-09 15:02 - 2012-11-09 15:02 - 00000000 ____D C:\Users\Brian\AppData\Local\ESET
2012-11-09 14:45 - 2012-11-09 14:45 - 00002324 ____A C:\Windows\epplauncher.mif
2012-11-09 14:44 - 2012-11-09 14:44 - 13529576 ____A (Microsoft Corporation) C:\Users\Brian\Downloads\mseinstall.exe
2012-11-09 13:38 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-11-09 13:38 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-11-09 13:38 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-11-09 13:38 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-11-09 13:38 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-11-09 13:38 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-11-09 13:38 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-11-09 13:38 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-11-09 13:38 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-11-09 13:33 - 2012-11-11 10:31 - 00000252 ____A C:\Windows\SysWOW64\PARTIZAN.TXT
2012-11-09 13:32 - 2012-11-09 13:32 - 00039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2012-11-09 13:27 - 2012-11-09 13:27 - 00000000 ____D C:\Users\All Users\ESET
2012-11-09 13:27 - 2012-11-09 13:27 - 00000000 ____D C:\Program Files\ESET
2012-11-09 13:22 - 2012-11-09 13:22 - 01378744 ____A (ESET) C:\Users\Brian\Downloads\eset_nod32_antivirus_live_installer(1).exe
2012-11-09 13:15 - 2012-11-09 13:16 - 01378744 ____A (ESET) C:\Users\Brian\Downloads\eset_nod32_antivirus_live_installer.exe
2012-11-09 12:43 - 2012-11-09 12:43 - 02195061 ____A C:\Users\Brian\Downloads\tdsskiller(2).zip
2012-11-09 12:22 - 2012-11-09 12:22 - 00002321 ____A C:\Users\Brian\Desktop\RKreport[1]_S_11092012_02d1522.txt
2012-11-09 12:21 - 2012-11-09 12:22 - 00000000 ____D C:\Users\Brian\Desktop\RK_Quarantine
2012-11-09 12:18 - 2012-11-09 12:18 - 00666112 ____A C:\Users\Brian\Downloads\RogueKiller.exe
2012-11-09 12:08 - 2012-11-09 12:11 - 00002120 ____A C:\scu.dat
2012-11-09 11:46 - 2012-11-09 11:46 - 02322184 ____A (ESET) C:\Users\Brian\Downloads\esetsmartinstaller_enu.exe
2012-11-09 11:46 - 2012-11-09 11:46 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-09 11:31 - 2012-11-09 11:31 - 00302592 ____A C:\Users\Brian\Downloads\ryjn9ufm.exe
2012-11-09 11:30 - 2012-11-09 11:30 - 00302592 ____A C:\Users\Brian\Downloads\bdv9009d.exe
2012-11-09 11:30 - 2012-11-09 11:30 - 00302592 ____A C:\Users\Brian\Downloads\38oojsdx.exe
2012-11-09 11:16 - 2012-11-11 10:31 - 00000000 ____D C:\Users\All Users\RegRun
2012-11-09 11:15 - 2012-11-11 10:33 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2012-11-09 11:15 - 2012-11-09 11:18 - 00000000 ____D C:\Users\Brian\Documents\RegRun2
2012-11-09 11:15 - 2012-11-09 11:15 - 00000002 RASHOT C:\Windows\winstart.bat
2012-11-09 11:15 - 2012-11-09 11:15 - 00000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT
2012-11-09 11:15 - 2012-11-09 11:15 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2012-11-09 11:15 - 2012-11-03 17:15 - 12585596 ____A (Greatis Software, LLC. ) C:\Users\Brian\Desktop\unhackme_setup.exe
2012-11-09 11:14 - 2012-11-09 11:15 - 12564642 ____A C:\Users\Brian\Downloads\unhackme.zip
2012-11-09 11:00 - 2012-11-09 11:00 - 00000000 ____D C:\Users\Brian\AppData\Roaming\AVG2013
2012-11-09 10:58 - 2012-11-09 10:58 - 00000000 ____D C:\Users\Brian\AppData\Roaming\TuneUp Software
2012-11-09 10:56 - 2012-11-09 13:23 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-09 10:51 - 2012-11-09 10:51 - 00000000 ____D C:\Users\Brian\AppData\Local\MFAData
2012-11-09 10:51 - 2012-11-09 10:51 - 00000000 ____D C:\Users\Brian\AppData\Local\Avg2013
2012-11-09 10:04 - 2012-11-09 10:04 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Brian\Downloads\tdsskiller(2).exe
2012-11-08 15:43 - 2012-11-10 12:48 - 00000000 ____D C:\Users\Brian\AppData\Local\Facebook
2012-11-08 15:43 - 2012-11-09 16:49 - 00000137 ____A C:\Windows\SysWOW64\debug.log
2012-11-08 15:43 - 2012-11-08 15:43 - 00501240 ____A (Facebook Inc.) C:\Users\Brian\Downloads\FacebookMessengerSetup_v1.2.205.0.exe
2012-11-08 15:17 - 2012-11-08 15:17 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
==================== One Month Modified Files and Folders =======
2012-11-11 14:20 - 2012-11-11 14:20 - 00000000 ____D C:\FRST
2012-11-11 11:31 - 2009-07-13 21:13 - 00730448 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-11 11:30 - 2010-01-22 10:56 - 01267647 ____A C:\Windows\WindowsUpdate.log
2012-11-11 11:28 - 2009-07-13 20:51 - 00056093 ____A C:\Windows\setupact.log
2012-11-11 11:27 - 2012-08-20 10:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-11 11:27 - 2010-01-22 14:21 - 00000324 ____A C:\Windows\Tasks\GlaryInitialize.job
2012-11-11 11:27 - 2010-01-22 11:06 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-11-11 11:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-11 10:38 - 2012-04-10 11:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-11 10:37 - 2012-11-10 15:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-11 10:33 - 2012-11-09 11:15 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2012-11-11 10:32 - 2012-11-10 10:49 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-11 10:31 - 2012-11-09 13:33 - 00000252 ____A C:\Windows\SysWOW64\PARTIZAN.TXT
2012-11-11 10:31 - 2012-11-09 11:16 - 00000000 ____D C:\Users\All Users\RegRun
2012-11-11 10:28 - 2010-01-22 12:05 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769710056-2214912975-2338223646-1000UA.job
2012-11-10 15:19 - 2010-01-22 12:05 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769710056-2214912975-2338223646-1000Core.job
2012-11-10 12:48 - 2012-11-08 15:43 - 00000000 ____D C:\Users\Brian\AppData\Local\Facebook
2012-11-10 12:44 - 2012-11-10 12:44 - 05308955 ____A (LearnForce Partners LLC ) C:\Users\Brian\Downloads\ndb_lamb_cpaaudit_m.exe
2012-11-10 12:44 - 2012-11-10 12:44 - 00000000 __HDC C:\Users\All Users\{93D6607E-CDD1-4873-8FCA-D342BA47CD87}
2012-11-10 12:42 - 2012-11-10 12:42 - 00002017 ____A C:\Users\Public\Desktop\Lambers.lnk
2012-11-10 12:42 - 2012-11-10 12:42 - 00000000 __HDC C:\Users\All Users\{62889E3B-679B-45F8-A351-AA2FA7EC013C}
2012-11-10 12:39 - 2012-11-10 12:39 - 00000000 __HDC C:\Users\All Users\{53DF9DA2-B01F-423B-A7F6-5DBD67FB89CD}
2012-11-10 12:37 - 2012-11-10 12:36 - 13324539 ____A (LearnForce Partners LLC ) C:\Users\Brian\Downloads\ndb_lamb_cpafar_m(1).exe
2012-11-10 12:01 - 2012-11-10 12:01 - 00010945 ____A C:\Users\Brian\Desktop\attach.txt
2012-11-10 12:00 - 2012-11-10 12:01 - 00023675 ____A C:\Users\Brian\Desktop\dds.txt
2012-11-10 11:59 - 2012-11-10 11:59 - 00688901 ____R (Swearware) C:\Users\Brian\Downloads\dds (1).com
2012-11-10 11:50 - 2012-11-10 11:50 - 00002250 ____A C:\Users\Brian\Desktop\RKreport[3]_S_11102012_02d1450.txt
2012-11-10 11:49 - 2012-11-10 11:49 - 00000000 ____D C:\Windows\System32\appmgmt
2012-11-10 11:49 - 2010-01-22 13:34 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Toolbar
2012-11-10 11:13 - 2012-11-10 11:12 - 00602112 ____A (OldTimer Tools) C:\Users\Brian\Downloads\OTL.exe
2012-11-10 11:11 - 2010-01-22 16:04 - 00000000 ____D C:\Windows\pss
2012-11-10 11:00 - 2012-03-13 17:01 - 00023112 ____A C:\Windows\System32\Drivers\hitmanpro35.sys
2012-11-10 11:00 - 2010-01-22 12:12 - 00000000 ____D C:\Users\Brian\AppData\Roaming\uTorrent
2012-11-10 10:59 - 2012-11-10 10:59 - 00001974 ____A C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
2012-11-10 10:59 - 2012-11-10 10:59 - 00000000 ____D C:\Program Files\Hitman Pro 3.5
2012-11-10 10:55 - 2012-03-13 16:59 - 00000000 ____D C:\Users\Brian\Downloads\Hitman Pro 3.5.9 Build 125 (x64) incl crack
2012-11-10 10:51 - 2012-11-10 10:51 - 00000000 ____A C:\autoexec.bat
2012-11-10 10:50 - 2012-11-10 10:50 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-11-10 10:46 - 2012-11-10 10:46 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Brian\Downloads\SpyHunter-Installer.exe
2012-11-10 10:46 - 2012-11-10 10:44 - 127231689 ____A (Igor Pavlov) C:\Users\Brian\Downloads\OTLPENet.exe
2012-11-10 10:41 - 2012-11-10 10:41 - 00002358 ____A C:\Users\Brian\Desktop\RKreport[2]_S_11102012_02d1341.txt
2012-11-10 10:40 - 2012-11-10 10:40 - 00666112 ____A C:\Users\Brian\Downloads\RogueKiller(1).exe
2012-11-10 09:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-09 19:55 - 2012-11-09 19:55 - 00026866 ____A C:\Users\Brian\Downloads\[HorribleSubs] Fairy Tail - 156 [720p].mkv.torrent
2012-11-09 19:19 - 2012-11-09 19:19 - 00000000 ____D C:\Users\Brian\AppData\Local\{287CE6B3-581D-4134-9483-F0E8D47C0C1D}
2012-11-09 16:49 - 2012-11-08 15:43 - 00000137 ____A C:\Windows\SysWOW64\debug.log
2012-11-09 16:47 - 2009-07-13 20:45 - 00434296 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-09 16:46 - 2010-01-22 15:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-11-09 16:45 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-09 16:45 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-09 16:44 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal
2012-11-09 16:37 - 2010-01-22 14:05 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-09 16:34 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-11-09 15:02 - 2012-11-09 15:02 - 00000000 ____D C:\Users\Brian\AppData\Local\ESET
2012-11-09 14:45 - 2012-11-09 14:45 - 00002324 ____A C:\Windows\epplauncher.mif
2012-11-09 14:44 - 2012-11-09 14:44 - 13529576 ____A (Microsoft Corporation) C:\Users\Brian\Downloads\mseinstall.exe
2012-11-09 13:33 - 2010-01-22 11:08 - 00046614 ____A C:\Windows\PFRO.log
2012-11-09 13:32 - 2012-11-09 13:32 - 00039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2012-11-09 13:27 - 2012-11-09 13:27 - 00000000 ____D C:\Users\All Users\ESET
2012-11-09 13:27 - 2012-11-09 13:27 - 00000000 ____D C:\Program Files\ESET
2012-11-09 13:24 - 2010-10-21 11:15 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-09 13:23 - 2012-11-09 10:56 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-09 13:22 - 2012-11-09 13:22 - 01378744 ____A (ESET) C:\Users\Brian\Downloads\eset_nod32_antivirus_live_installer(1).exe
2012-11-09 13:16 - 2012-11-09 13:15 - 01378744 ____A (ESET) C:\Users\Brian\Downloads\eset_nod32_antivirus_live_installer.exe
2012-11-09 12:58 - 2012-03-12 21:13 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-09 12:43 - 2012-11-09 12:43 - 02195061 ____A C:\Users\Brian\Downloads\tdsskiller(2).zip
2012-11-09 12:22 - 2012-11-09 12:22 - 00002321 ____A C:\Users\Brian\Desktop\RKreport[1]_S_11092012_02d1522.txt
2012-11-09 12:22 - 2012-11-09 12:21 - 00000000 ____D C:\Users\Brian\Desktop\RK_Quarantine
2012-11-09 12:18 - 2012-11-09 12:18 - 00666112 ____A C:\Users\Brian\Downloads\RogueKiller.exe
2012-11-09 12:11 - 2012-11-09 12:08 - 00002120 ____A C:\scu.dat
2012-11-09 11:46 - 2012-11-09 11:46 - 02322184 ____A (ESET) C:\Users\Brian\Downloads\esetsmartinstaller_enu.exe
2012-11-09 11:46 - 2012-11-09 11:46 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-09 11:31 - 2012-11-09 11:31 - 00302592 ____A C:\Users\Brian\Downloads\ryjn9ufm.exe
2012-11-09 11:30 - 2012-11-09 11:30 - 00302592 ____A C:\Users\Brian\Downloads\bdv9009d.exe
2012-11-09 11:30 - 2012-11-09 11:30 - 00302592 ____A C:\Users\Brian\Downloads\38oojsdx.exe
2012-11-09 11:18 - 2012-11-09 11:15 - 00000000 ____D C:\Users\Brian\Documents\RegRun2
2012-11-09 11:15 - 2012-11-09 11:15 - 00000002 RASHOT C:\Windows\winstart.bat
2012-11-09 11:15 - 2012-11-09 11:15 - 00000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT
2012-11-09 11:15 - 2012-11-09 11:15 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2012-11-09 11:15 - 2012-11-09 11:14 - 12564642 ____A C:\Users\Brian\Downloads\unhackme.zip
2012-11-09 11:00 - 2012-11-09 11:00 - 00000000 ____D C:\Users\Brian\AppData\Roaming\AVG2013
2012-11-09 11:00 - 2010-08-25 13:59 - 00000000 ____D C:\Program Files (x86)\AVG
2012-11-09 10:59 - 2010-09-03 18:50 - 00000000 ___HD C:\$AVG
2012-11-09 10:58 - 2012-11-09 10:58 - 00000000 ____D C:\Users\Brian\AppData\Roaming\TuneUp Software
2012-11-09 10:51 - 2012-11-09 10:51 - 00000000 ____D C:\Users\Brian\AppData\Local\MFAData
2012-11-09 10:51 - 2012-11-09 10:51 - 00000000 ____D C:\Users\Brian\AppData\Local\Avg2013
2012-11-09 10:04 - 2012-11-09 10:04 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Brian\Downloads\tdsskiller(2).exe
2012-11-08 15:43 - 2012-11-08 15:43 - 00501240 ____A (Facebook Inc.) C:\Users\Brian\Downloads\FacebookMessengerSetup_v1.2.205.0.exe
2012-11-08 15:20 - 2012-05-25 14:44 - 00000000 ____D C:\Users\All Users\Skype
2012-11-08 15:18 - 2012-03-12 15:26 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-11-08 15:18 - 2012-01-17 17:15 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-08 15:18 - 2010-12-07 12:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-08 15:17 - 2012-11-08 15:17 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-11-08 15:17 - 2012-08-20 11:31 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-11-08 15:17 - 2012-08-20 11:31 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-11-08 15:17 - 2012-08-20 11:31 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-11-08 15:17 - 2010-01-22 15:34 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-11-08 15:17 - 2010-01-22 15:34 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-11-08 15:17 - 2010-01-22 15:34 - 00000000 ____D C:\Program Files (x86)\Java
2012-11-08 15:17 - 2010-01-22 12:05 - 00002483 ____A C:\Users\Brian\Desktop\Google Chrome.lnk
2012-11-08 15:15 - 2012-04-10 11:44 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-08 15:15 - 2011-12-31 09:39 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-08 15:15 - 2011-05-01 21:57 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-03 17:15 - 2012-11-09 11:15 - 12585596 ____A (Greatis Software, LLC. ) C:\Users\Brian\Desktop\unhackme_setup.exe
2012-10-31 18:49 - 2012-03-13 16:53 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Brian\Desktop\TDSSKiller.exe
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-11-08 15:17:05
Restore point made on: 2012-11-09 10:56:41
Restore point made on: 2012-11-09 10:57:06
Restore point made on: 2012-11-09 11:19:09
Restore point made on: 2012-11-09 13:18:15
Restore point made on: 2012-11-09 13:23:56
Restore point made on: 2012-11-09 13:34:59
Restore point made on: 2012-11-09 13:38:15
Restore point made on: 2012-11-09 16:12:49
Restore point made on: 2012-11-10 10:50:17
Restore point made on: 2012-11-10 11:49:02
Restore point made on: 2012-11-11 10:32:07
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 4094.49 MB
Available physical RAM: 3478.13 MB
Total Pagefile: 4092.64 MB
Available Pagefile: 3460.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:931.41 GB) (Free:727.44 GB) NTFS
2 Drive e: (Lambers Practice) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
3 Drive f: (STORE N GO) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 1910 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1906 MB 4032 KB
==================================================================================
Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F STORE N GO FAT Removable 1906 MB Healthy
=========================================================
Last Boot: 2012-11-08 15:37
==================== End Of Log =============================
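The FRST listing above is the kind of thing a helper has to read quickly: hundreds of "modified - created - size attrs (company) path" lines, with the interesting ones (randomly named executables in Downloads, hidden files, timestamps that do not line up) buried among driver updates and scanner installs. The following is an added example, not code from the original post, from FRST or from the forum helpers: a small Python triage pass over lines in that format. The flag rules are this example's own heuristics (assumptions), meant to order an analyst's attention rather than to call a file malicious; a hit still needs a hash lookup or a look at the file. The five sample lines are copied from the listing posted above.

```python
"""Triage helper for FRST 'One Month Modified' listings.

Added example; not code from the original post, from FRST or from the forum.
Parses listing lines of the shape

    <modified> - <created> - <size> <attrs> [(<company>)] <path>

and attaches review flags. The rules below are this example's own heuristics
(assumptions), not FRST's logic.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d{8}) (?P<attrs>\S+) "
    r"(?:\((?P<company>.*?)\) )?"      # optional version-info company
    r"(?P<path>[A-Za-z]:\\.*)$"
)

EXEC_EXT = {"exe", "dll", "sys", "scr", "cpl", "bat", "vbs", "com"}
# Directories an unprivileged user (so, malware running as that user) can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
# Eight lowercase letters/digits with at least one of each, e.g. ryjn9ufm.
RANDOM_STEM = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8}$")

F_NO_COMPANY = "executable without version-info company in a user-writable path"
F_RANDOM = "random-looking filename"
F_HIDDEN = "hidden attribute on an executable"
F_TIMESTAMP = "modified before created (copied, downloaded or timestomped)"


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str
    company: Optional[str]
    path: str
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; returns None for headers and other noise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    company = m["company"].strip() if m["company"] is not None else None
    return Entry(m["modified"], m["created"], int(m["size"]),
                 m["attrs"], company, m["path"])


def triage(entry: Entry) -> Entry:
    """Attach heuristic review flags to a parsed entry (in place)."""
    low = entry.path.lower()
    filename = low.rsplit("\\", 1)[-1]
    stem, _, ext = filename.rpartition(".")
    is_dir = "D" in entry.attrs
    is_exec = not is_dir and ext in EXEC_EXT
    if is_exec and entry.company is None and any(d in low for d in USER_WRITABLE):
        entry.flags.append(F_NO_COMPANY)
    if is_exec and RANDOM_STEM.match(stem):
        entry.flags.append(F_RANDOM)
    if is_exec and "H" in entry.attrs:
        entry.flags.append(F_HIDDEN)
    # FRST prints ISO-style timestamps, so string comparison orders them correctly.
    if not is_dir and entry.modified < entry.created:
        entry.flags.append(F_TIMESTAMP)
    return entry


def triage_listing(text: str) -> List[Entry]:
    """Parse and triage every listing line in a block of FRST output."""
    entries = [parse_line(raw) for raw in text.splitlines()]
    return [triage(e) for e in entries if e is not None]


# Constructed sample: five lines copied from the listing posted above.
SAMPLE_LISTING = r"""
2012-11-09 11:31 - 2012-11-09 11:31 - 00302592 ____A C:\Users\Brian\Downloads\ryjn9ufm.exe
2012-11-09 13:32 - 2012-11-09 13:32 - 00039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2012-11-09 11:15 - 2012-11-09 11:15 - 00000002 RASHOT C:\Windows\winstart.bat
2012-11-03 17:15 - 2012-11-09 11:15 - 12585596 ____A (Greatis Software, LLC. ) C:\Users\Brian\Desktop\unhackme_setup.exe
2012-11-09 16:46 - 2010-01-22 15:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
"""

if __name__ == "__main__":
    for e in triage_listing(SAMPLE_LISTING):
        if e.flags:
            print(e.path)
            for f in e.flags:
                print("   -", f)
```

Run against the sample, the script singles out ryjn9ufm.exe (no company, random name, user-writable path) and the hidden winstart.bat, and marks unhackme_setup.exe only for its timestamp order, which is what a download normally looks like. Partizan.exe and the Silverlight directory come back clean. The hidden-attribute rule deliberately looks only at executables, so the hidden licensing files under System32 in the listing are not flagged.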
-
Hey, I am having an issue with Google redirect viruses/trojans and Rans.Gendarm, which was picked up by RogueKiller. I ran a scan with ESET, which picked up 2 other trojans, Olmarik and BHO or BEO something.
It deleted/cleaned those for me.
I have not touched the Rans.Gendarm via RogueKiller because I'm not sure if I'd screw my computer up by deleting it.
This is the RogueKiller report. (Below the RogueKiller report are the DDS and Attach text.)
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brian [Admin rights]
Mode : Scan -- Date : 11/10/2012 13:41:11
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] FacebookMessenger.exe -- C:\Users\Brian\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][Rans.Gendarm] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Brian\AppData\Roaming\AVG10\AVG10\hmlxkn.dll",DllRegisterServer) -> FOUND
[RUN][Rans.Gendarm] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Brian\AppData\Roaming\AVG10\AVG10\hmlxkn.dll",DllRegisterServer) -> FOUND
[STARTUP][SUSP PATH] Facebook Messenger.lnk @Brian : C:\Users\Brian\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\es.scr) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : Rans.Gendarm ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD10 01FALS-00J7B SCSI Disk Device +++++
--- User ---
[MBR] 8412aa878541586e929093f7e78a91e2
[BSP] 48dacca1a32dd45c7c7c2bdaeb9c1bdb : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_S_11102012_02d1341.txt >>
RKreport[1]_S_11092012_02d1522.txt ; RKreport[2]_S_11102012_02d1341.txt
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2
Run by Brian at 15:00:13 on 2012-11-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.1235 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Becker Professional Education\CPA 2012\BPESelfStudy.exe
C:\Program Files (x86)\Becker Professional Education\CPA 2012\BPESelfStudy.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\Downloads\RogueKiller.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Temp\SHSetup.exe
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\syswow64\MsiExec.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\notepad.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\Downloads\OTL.exe
C:\Windows\system32\taskhost.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678/
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
dRun: [DevconDefaultDB] C:\Windows\System32\READREG /SILENT /FAIL=1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} - hxxps://insourcers.riahome.com/CABFiles/RSLoginModule.cab
DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} - hxxps://insourcers.riahome.com/CABFiles/RSTabbedList.cab
DPF: {6C8E9E45-538C-473A-B83B-DA9AE1ED7604} - hxxps://insourcers.riahome.com/CABFiles/vspdf.cab
DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} - hxxps://insourcers.riahome.com/CABFiles/webnotifier.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {A8561647-E93C-11D3-AC3B-CE6078F7B616} - hxxps://insourcers.riahome.com/CABFiles/vsprint7.cab
DPF: {C0A63B86-4B21-11D3-BD95-D426EF2C7949} - hxxps://insourcers.riahome.com/CABFiles/vsflex7L.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} - hxxps://insourcers.riahome.com/CABFiles/vsflex7.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EBB0431C-10EB-432D-8C53-64BDBEDBD86B} - hxxps://insourcers.riahome.com/CABFiles/xmlgridRS.cab
DPF: {F4721362-90E1-11D4-B547-00105A80AE07} - hxxps://insourcers.riahome.com/CABFiles/RIAInRSImport.cab
DPF: {FE83D8C0-07C7-4915-A6B4-4A6B895E677F} - hxxps://insourcers.riahome.com/CABFiles/vsFlexXMLDSO.cab
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{686FB0F5-C2A1-4852-9367-30F27E857263} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{686FB0F5-C2A1-4852-9367-30F27E857263}\C696E6B6379737F5355435F573731393 : DHCPNameServer = 68.87.64.150 68.87.75.198
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\sztemzys.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf28f5906-2c96-4968-b15c-3e3ead21c13d%7D&mid=781f85c40e44c8fd6fb1bf3ef7404b16-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-05-23%2018%3A51%3A44&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff9.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\sztemzys.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\sztemzys.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Brian\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2010-10-22 21480]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-3-14 137144]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-10-10 1021888]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2012-11-10 22704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-13 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-13 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Brian\Desktop\Real\WinRing0x64.sys [2010-10-21 14544]
.
=============== Created Last 30 ================
.
2012-11-10 19:49:18 -------- d-----w- C:\Windows\System32\appmgmt
2012-11-10 18:59:29 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2012-11-10 18:50:46 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2012-11-10 18:50:42 110080 ----a-r- C:\Users\Brian\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
2012-11-10 18:50:42 110080 ----a-r- C:\Users\Brian\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
2012-11-10 18:50:42 110080 ----a-r- C:\Users\Brian\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
2012-11-10 18:50:40 -------- d-----w- C:\sh4ldr
2012-11-10 18:50:40 -------- d-----w- C:\Program Files\Enigma Software Group
2012-11-10 18:49:56 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-10 18:49:55 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-11-10 18:06:03 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE5A6C6A-CC09-46E7-9E63-448183D13315}\offreg.dll
2012-11-10 03:22:05 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-11-10 03:19:40 -------- d-----w- C:\Users\Brian\AppData\Local\{287CE6B3-581D-4134-9483-F0E8D47C0C1D}
2012-11-10 00:29:59 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE5A6C6A-CC09-46E7-9E63-448183D13315}\mpengine.dll
2012-11-10 00:12:02 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-10 00:12:02 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-10 00:12:02 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-10 00:12:00 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-10 00:10:50 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-11-10 00:09:59 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-11-10 00:09:59 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-11-10 00:09:58 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-11-10 00:09:57 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-11-10 00:09:57 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-11-10 00:09:56 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-11-10 00:09:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-11-10 00:09:56 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-11-10 00:09:54 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-11-10 00:08:43 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-11-10 00:08:43 136704 ----a-w- C:\Windows\System32\browser.dll
2012-11-10 00:08:42 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-11-10 00:04:53 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-10 00:04:52 67072 ----a-w- C:\Windows\splwow64.exe
2012-11-10 00:04:52 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-11-10 00:04:52 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-10 00:04:50 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-11-10 00:04:50 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-11-10 00:04:48 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-11-09 23:02:47 -------- d-----w- C:\Users\Brian\AppData\Local\ESET
2012-11-09 21:38:40 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-11-09 21:38:28 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-11-09 21:38:18 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-11-09 21:38:18 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-11-09 21:32:26 39184 ----a-w- C:\Windows\System32\Partizan.exe
2012-11-09 21:27:31 -------- d-----w- C:\Program Files\ESET
2012-11-09 19:46:47 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-09 19:16:03 -------- d-----w- C:\ProgramData\RegRun
2012-11-09 19:16:02 39184 ----a-w- C:\Windows\SysWow64\Partizan.exe
2012-11-09 19:16:02 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2012-11-09 19:15:58 2 --shatr- C:\Windows\winstart.bat
2012-11-09 19:15:55 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2012-11-09 19:15:52 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-11-09 19:00:14 -------- d-----w- C:\Users\Brian\AppData\Roaming\AVG2013
2012-11-09 18:58:23 -------- d-----w- C:\Users\Brian\AppData\Roaming\TuneUp Software
2012-11-09 18:56:56 -------- d-----w- C:\ProgramData\AVG2013
2012-11-09 18:51:06 -------- d-----w- C:\Users\Brian\AppData\Local\MFAData
2012-11-09 18:51:06 -------- d-----w- C:\Users\Brian\AppData\Local\Avg2013
2012-11-08 23:43:11 -------- d-----w- C:\Users\Brian\AppData\Local\Facebook
2012-11-08 23:17:43 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2012-11-10 19:00:41 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2012-11-08 23:17:40 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-08 23:17:40 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-08 23:15:44 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-08 23:15:44 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-01 17:16:50 4480000 ----a-w- C:\Windows\es.scr
2012-09-01 17:16:50 4480000 ----a-w- C:\Windows\es.exe
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 15:00:56.82 ===============
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/22/2010 1:57:09 PM
System Uptime: 11/10/2012 11:56:43 AM (4 hours ago)
.
Motherboard: EVGA | | nForce 750i SLI
Processor: Intel® Core2 Quad CPU Q9550 @ 2.83GHz | Socket 775 | 2868/337mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 728.106 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&14591D7E&0&5180
Manufacturer:
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&14591D7E&0&5180
Service:
.
==== System Restore Points ===================
.
RP140: 11/8/2012 6:16:55 PM - Installed Java 7 Update 9
RP141: 11/9/2012 1:56:32 PM - Installed AVG 2013
RP142: 11/9/2012 1:56:59 PM - Installed AVG 2013
RP143: 11/9/2012 2:19:05 PM - RegRun Virus Scan
RP144: 11/9/2012 4:17:59 PM - Removed AVG 2013
RP145: 11/9/2012 4:23:48 PM - Removed AVG 2013
RP146: 11/9/2012 4:34:48 PM - RegRun Virus Scan
RP147: 11/9/2012 4:38:11 PM - Windows Update
RP148: 11/9/2012 7:12:39 PM - Windows Update
RP149: 11/10/2012 1:50:06 PM - Installed SpyHunter
RP150: 11/10/2012 2:48:51 PM - Removed Facebook Messenger 2.1.4651.0
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Becker's CPA Exam Review - 2012 Edition
Becker's Final Review - 2012 Edition
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Bonjour
Counter-Strike: Source
CPA FAR
CPA REG
CPUID CPU-Z 1.55
D3DX10
Diablo III
Download Updater (AOL LLC)
Electric Sheep 2.7b34c
ESET NOD32 Antivirus
ESET Online Scanner v3
EVGA Precision 1.3.3
Glary Utilities Pro 2.16.0.758
GoldenEye: Source - HalfLife 2 Mod
Google Chrome
Hitman Pro 3.5
iTunes
Java 7 Update 9
Java 6 Update 16
Java 6 Update 31 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
Lambers
League of Legends
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Controller Driver 301.42
NVIDIA 3D Vision Driver 301.42
NVIDIA Control Panel 301.42
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 301.42
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.8.15
NVIDIA Update Components
ONESOURCE 2008 Client
ONESOURCE 2009 Client
Pando Media Booster
PeerGuardian 2.0
QuickTime
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype Click to Call
Skype™ 5.9
Source SDK Base 2007
SpeedFan (remove only)
SpyHunter
StarCraft II
Steam
Team Fortress 2
The Witcher: Enhanced Edition
UnHackMe 5.99 release
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
11/9/2012 5:25:19 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
11/9/2012 4:28:14 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/9/2012 2:01:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
11/9/2012 2:01:30 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/9/2012 1:39:31 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
11/9/2012 1:03:37 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
11/10/2012 11:59:25 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/10/2012 11:59:25 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
.
==== End Of File ===========================
-
Log from ESET NOD32
Scan Log
Version of virus signature database: 7678 (20121109)
Date: 11/9/2012 Time: 5:42:00 PM
Scanned disks, folders and files: Operating memory;Boot sector;C:\Boot sector;C:\;D:\Boot sector;D:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Program Files (x86)\Riot Games\League of Legends\game\HeroPak_client.zip » ZIP » DATA\Particles\leaf_test.troy - archive damaged - the file could not be extracted.
C:\Program Files (x86)\Steam\steamapps\warrior898\counter-strike source\cstrike\cache\de_season.bsp.bz20000 » BZ2 » de_season.bsp.bz20000 - unpack error
C:\Program Files (x86)\Steam\steamapps\warrior898\team fortress 2\tf\cache\cp_gullywash_imp3.bsp.bz20000 » BZ2 » cp_gullywash_imp3.bsp.bz20000 - unpack error
C:\Program Files (x86)\Steam\steamapps\warrior898\team fortress 2\tf\cache\cp_kakariko_a3.bsp.bz20000 » BZ2 » cp_kakariko_a3.bsp.bz20000 - unpack error
C:\Program Files (x86)\Steam\steamapps\warrior898\team fortress 2\tf\cache\mariointro.mp3.bz20000 » BZ2 » mariointro.mp3.bz20000 - unpack error
C:\Program Files (x86)\Steam\steamapps\warrior898\team fortress 2\tf\cache\scout_domination.vvd.bz20000 » BZ2 » scout_domination.vvd.bz20000 - unpack error
C:\ProgramData\Blizzard Entertainment\StarCraft II\Versions\Shaders14513\userCache.bin » SMARTINSTALLMAKER;VER=2 - error - unknown compression method
C:\ProgramData\Blizzard Entertainment\StarCraft II\Versions\Shaders14515\userCache.bin » SMARTINSTALLMAKER;VER=2 - error - unknown compression method
C:\ProgramData\MFAData\SelfUpd\avgsbfree_us.mht » MIME - is OK (internal scanning not performed)
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - error opening [4]
C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0000.dta - Win32/Olmarik.AWO trojan - cleaned by deleting - quarantined [1]
C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0001.dta - Win64/Olmarik.AD trojan - cleaned by deleting - quarantined [1]
C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0002.dta - Win32/Olmarik.AYH trojan - cleaned by deleting - quarantined [1]
C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0003.dta - Win64/Olmarik.AG trojan - cleaned by deleting - quarantined [1]
C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0004.dta - a variant of Win32/Rootkit.Kryptik.LH trojan - cleaned by deleting - quarantined [1]
C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0005.dta - Win64/Olmarik.AF trojan - cleaned by deleting - quarantined [1]
C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0009.dta - Win32/Olmarik.AWO trojan - cleaned by deleting - quarantined [1]
C:\TDSSKiller_Quarantine\09.11.2012_15.46.49\tdlfs0000\tsk0010.dta - Win64/Olmarik.X trojan - cleaned by deleting - quarantined [1]
C:\Users\All Users\Blizzard Entertainment\StarCraft II\Versions\Shaders14513\userCache.bin » SMARTINSTALLMAKER;VER=2 - error - unknown compression method
C:\Users\All Users\Blizzard Entertainment\StarCraft II\Versions\Shaders14515\userCache.bin » SMARTINSTALLMAKER;VER=2 - error - unknown compression method
C:\Users\All Users\MFAData\SelfUpd\avgsbfree_us.mht » MIME - is OK (internal scanning not performed)
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
C:\Users\All Users\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - error opening [4]
C:\Users\Brian\NTUSER.DAT - error opening [4]
C:\Users\Brian\ntuser.dat.LOG1 - error opening [4]
C:\Users\Brian\ntuser.dat.LOG2 - error opening [4]
C:\Users\Brian\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001cc » GZIP » f_0001cc - archive damaged
C:\Users\Brian\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Users\Brian\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Users\Brian\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4]
C:\Users\Brian\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4]
C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S5B2OB25\AppleMobileDeviceSupport64[1].msi » MSI - archive damaged - the file could not be extracted.
C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BEC73915-AB80-44EC-BE99-3124CF153D9C}.tmp - error opening [4]
C:\Users\Brian\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Users\Brian\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Users\Brian\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\51660c8f-2e97ae0b » ZIP » main.class - Java/Agent.BV trojan
C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\1b77acdf-602748e5 » ZIP » a/Test.class - Java/Exploit.CVE-2012-0507.C trojan
C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\1b77acdf-602748e5 » ZIP » a/Help.class - a variant of Java/Exploit.CVE-2012-0507.AG trojan
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\sztemzys.default\parent.lock - error opening [4]
C:\Users\Brian\Desktop\Minecraft.exe » ZIP » - archive damaged
C:\Users\Brian\Desktop\RemoveWAT 2.2.7 (2012).rar » RAR » Windows 7 Remove WAT 2012.rar » RAR » RemoveWAT\RemoveWAT.exe - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\Brian\Desktop\RemoveWAT 2.2.7 (2012)\Windows 7 Remove WAT 2012.rar » RAR » RemoveWAT\RemoveWAT.exe - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\Brian\Downloads\jre-6u31-windows-i586-iftw.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Users\Brian\Downloads\jre-6u31-windows-i586-iftw.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Users\Brian\Downloads\jre-6u31-windows-i586-iftw.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
C:\Users\Brian\Downloads\jxpiinstall.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Users\Brian\Downloads\jxpiinstall.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Users\Brian\Downloads\jxpiinstall.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
C:\Users\Brian\Downloads\Minecraft.exe » ZIP » - archive damaged
C:\Users\Brian\Downloads\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.rar » RAR » Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.exe » ZIP » AutoPlay/autorun.cdd » ZIP » _detect.dat - error - password-protected file
C:\Users\Brian\Downloads\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.rar » RAR » Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.exe » ZIP » AutoPlay/autorun.cdd » ZIP » _proj.dat - error - password-protected file
C:\Users\Brian\Downloads\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.rar » RAR » Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.exe » ZIP » AutoPlay/autorun.cdd » ZIP » _fonts.dat - error - password-protected file
C:\Users\Brian\Downloads\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.exe » ZIP » AutoPlay/autorun.cdd » ZIP » _detect.dat - error - password-protected file
C:\Users\Brian\Downloads\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.exe » ZIP » AutoPlay/autorun.cdd » ZIP » _proj.dat - error - password-protected file
C:\Users\Brian\Downloads\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees\Glary Utilities PRO v 2.16.0.758 + Serial By trees.exe » ZIP » AutoPlay/autorun.cdd » ZIP » _fonts.dat - error - password-protected file
C:\Users\Brian\Downloads\MUSE - The Best Of\CD 2\03 - MUSE - Butterflies and hurricanes.mp3 » ZIP » ppt/media/image5.jpeg - incorrect CRC checksum, the file may be damaged
C:\Users\Brian\Downloads\MUSE - The Best Of\CD 2\03 - MUSE - Butterflies and hurricanes.mp3 » ZIP » - archive damaged
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Audio/Click1.ogg - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Audio/High1.ogg - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Audio/Kazdoura.wma - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/autorun.cdd - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Buttons/3_1644.btn - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Buttons/50_1644.btn - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Buttons/7_1644.btn - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Docs/ChattChitto Request.msg - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Docs/ChattChitto.nfo.txt - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Docs/Winamp PRO v5.56.2512.exe - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Icons/favicon.ico - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Images/125even_if_I_have_to.jpg - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Images/600px-Feed_Icon_Bl-Or.png - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Images/btn_donate_SM.gif - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » AutoPlay/Images/Site Logo With Adsress.JPG - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » autorun.exe - error - password-protected file
C:\Users\Brian\Downloads\Winamp PRO v5.56.2512 + Serials By ChattChitto\Winamp PRO v5.56.2512 + Serials By ChattChitto.exe » ZIP » favicon.ico - error - password-protected file
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\1508b0e2e7ebf075f41ec8bc4c3806a4673bea2b.HomeGroupClassifier\3f1713d2c87f5a6d368aa4546c979dcd\grouping\db.mdb - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\1508b0e2e7ebf075f41ec8bc4c3806a4673bea2b.HomeGroupClassifier\3f1713d2c87f5a6d368aa4546c979dcd\grouping\edb.log - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\1508b0e2e7ebf075f41ec8bc4c3806a4673bea2b.HomeGroupClassifier\3f1713d2c87f5a6d368aa4546c979dcd\grouping\tmp.edb - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\System32\catroot2\edb.log - error opening [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
C:\Windows\Temp\jar_cache7895105572856913782.tmp » ZIP » nfqunxunourogcotiop/vvaonipnzlcnqsieqcrfxju.class - probably a variant of Java/Exploit.CVE-2010-0840.AQ trojan
C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\51660c8f-2e97ae0b » ZIP » main.class - Java/Agent.BV trojan - was a part of the deleted object
C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\1b77acdf-602748e5 » ZIP » a/Test.class - Java/Exploit.CVE-2012-0507.C trojan - was a part of the deleted object
C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\1b77acdf-602748e5 » ZIP » a/Help.class - a variant of Java/Exploit.CVE-2012-0507.AG trojan - was a part of the deleted object
C:\Windows\Temp\jar_cache7895105572856913782.tmp » ZIP » nfqunxunourogcotiop/vvaonipnzlcnqsieqcrfxju.class - probably a variant of Java/Exploit.CVE-2010-0840.AQ trojan - was a part of the deleted object
Number of scanned objects: 428690
Number of threats found: 12
Number of cleaned objects: 12
Time of completion: 6:59:12 PM Total scanning time: 4632 sec (01:17:12)
Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.
-
Hey, I am having an issue with google redirect viruses/trojans and rans.gendarm which was picked up by RogueKiller. I ran a scan with ESET which picked up 2 other trojans Olmarik and BHO or BEO something.
It deleted/cleaned those for me.
I have not touched the rans.gendarm via roguekiller because I'm not sure if I'd screw my computer up by deleting it.
This is the RogueKiller Report:
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brian [Admin rights]
Mode : Scan -- Date : 11/10/2012 13:41:11
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] FacebookMessenger.exe -- C:\Users\Brian\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][Rans.Gendarm] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Brian\AppData\Roaming\AVG10\AVG10\hmlxkn.dll",DllRegisterServer) -> FOUND
[RUN][Rans.Gendarm] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Brian\AppData\Roaming\AVG10\AVG10\hmlxkn.dll",DllRegisterServer) -> FOUND
[STARTUP][SUSP PATH] Facebook Messenger.lnk @Brian : C:\Users\Brian\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\es.scr) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : Rans.Gendarm ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD10 01FALS-00J7B SCSI Disk Device +++++
--- User ---
[MBR] 8412aa878541586e929093f7e78a91e2
[BSP] 48dacca1a32dd45c7c7c2bdaeb9c1bdb : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_S_11102012_02d1341.txt >>
RKreport[1]_S_11092012_02d1522.txt ; RKreport[2]_S_11102012_02d1341.txt
HELP! how to remove rans.gendarm and google redirect viruses
in Resolved Malware Removal Logs
Posted
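Three lines in the RogueKiller report above deserve different handling, and a responder reading such reports will want the logic written down rather than applied by eye. The two [RUN] entries sit in the HKU hives of the built-in service accounts (S-1-5-19 LocalService, S-1-5-20 NetworkService) and launch rundll32 on a DLL under a user profile, which is the Rans.Gendarm persistence the poster asks about. EnableLUA (0) and ConsentPromptBehaviorAdmin (0) mean UAC is switched off on this machine, a state malware sets but users also set, so it needs confirming with the owner before being counted as tampering. The [SCREENSV] hit on C:\Windows\es.scr is probably benign: the Installed Programs list in the attach log above includes Electric Sheep, whose screensaver ships under that name. The following Python triage is an added example for this page, not part of the thread and not RogueKiller's own code; the line grammar it parses is inferred from the quoted lines (an assumption, since the tool's report format is not documented here), and the sample report is constructed to mirror those lines:

```python
import re
from collections import defaultdict

# Constructed sample modelled on the RogueKiller lines quoted in the thread; not a real capture.
SAMPLE_REPORT = r"""
[RUN][Rans.Gendarm] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Brian\AppData\Roaming\AVG10\AVG10\hmlxkn.dll",DllRegisterServer) -> FOUND
[RUN][Rans.Gendarm] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Brian\AppData\Roaming\AVG10\AVG10\hmlxkn.dll",DllRegisterServer) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\es.scr) -> FOUND
[STARTUP][SUSP PATH] Facebook Messenger.lnk @Brian : C:\Users\Brian\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> FOUND
""".strip()

# Assumed line layout, derived from the quoted lines:  [TAG][TAG] <key> [: <value name>] (<data>) -> <status>
LINE_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]*\])+)\s*"
    r"(?P<key>\S+)"
    r"(?:\s*:\s*(?P<name>\S+))?"
    r"\s*\((?P<value>.*)\)\s*->\s*(?P<status>\w+)\s*$"
)

UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin"}
# HKU hives of LocalSystem (S-1-5-18), LocalService (S-1-5-19) and NetworkService (S-1-5-20).
SERVICE_SID_RE = re.compile(r"^HKUS\\S-1-5-(?:18|19|20)(?!\d)")
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"


def parse_line(line):
    """Split one finding into tags, registry key, value name, data and status.
    Returns None for layouts this parser does not know (e.g. [STARTUP] .lnk lines)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["tags"] = re.findall(r"\[([^\]]*)\]", entry["tags"])
    return entry


def classify(entry):
    """Return (severity, reason) for one parsed entry, or None when nothing in it stands out."""
    tags, key, name, value = entry["tags"], entry["key"], entry["name"], entry["value"]
    if name in UAC_VALUES and value == "0":
        return "high", f"UAC weakened: {name}=0 (malware sets this, but so do users; confirm with the owner)"
    if "RUN" in tags:
        reasons = []
        if SERVICE_SID_RE.match(key):
            reasons.append("Run key under a built-in service-account hive, which legitimate installers rarely touch")
        if "rundll32" in value.lower() and USER_PROFILE_RE.search(value):
            reasons.append("rundll32 loading a DLL from a user-writable profile path")
        if reasons:
            return "high", "; ".join(reasons)
    if "SCREENSV" in tags and not value.lower().startswith(SYSTEM32):
        return "medium", "screensaver outside System32; check whether an installed program owns the file first"
    if "HJ DESK" in tags:
        return "info", "desktop icon hidden via NewStartPanel; cosmetic, restore it"
    return None


def triage(report_text):
    """Run every line through the parser and rules; lines that do not parse are kept, not dropped."""
    out = defaultdict(list)
    for line in report_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            out["unparsed"].append(line.strip())
            continue
        verdict = classify(entry)
        if verdict:
            severity, why = verdict
            out[severity].append((entry["key"], entry["name"], why))
    return dict(out)


if __name__ == "__main__":
    for severity, items in triage(SAMPLE_REPORT).items():
        print(f"== {severity} ==")
        for item in items:
            print("  ", item)
```

Unparsed lines are reported rather than silently skipped, so a report line in a layout the regex does not cover (here the [STARTUP] .lnk entry) still reaches the responder. The UAC rule is deliberately worded as a question to ask the owner, not a verdict: both values read 0 on this machine, and nothing in the thread says who set them.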
Everything seems perfectly fine.
I'm going to be purchasing Windows 8 ~ January
I can't thank you enough. I can't believe how many Trojans and rootkits I had on my computer. By the time I got to you, I had removed 4 different ones. Unless they were all linked.
Normally, I'd instantly reformat the computer, but since my laptop is being repaired, I had no other option for studying for this certification.
I have a backup hard drive, but of course I never used it.