Solved: Browser Redirect



tanusgreystar
Member with 131 posts.
THREAD STARTER
 
Join Date: Oct 2007
Location: Maine
Experience: Intermediate
26-Apr-2012, 05:25 PM #61
Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-26 18:24:20 R:1
Running from G:\

==============================================

Could not find Replace: .
Could not find Replace: .
C:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll C:\Windows\SysWOW64\User32.dll not found.
C:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll c:\windows\system32\user32.dll not found.

==== End of Fixlog ====

Glaswegian (Iain)
Glaswegian is authorized to help remove malware.
Malware Removal Specialist with 3,823 posts.
 
Join Date: Dec 2004
Location: Erm...Glasgow?
27-Apr-2012, 05:31 AM #62
Hi again

My apologies, I copied and pasted the wrong file names. I need to check the correct file names.


In Vista or Windows 7: Boot to System Recovery Options and run FRST.
Type the following in the edit box after "Search:".

user32.dll*


It then should look like:

Search: user32.dll*

Click the Search button and post the log (Search.txt) it makes in your reply.

tanusgreystar
27-Apr-2012, 10:04 AM #63
Hi. I'll get to this tomorrow. If I don't get to it I'll at least check in. BTW she's getting popups now! Talk to you tomorrow. Thanks!

Glaswegian (Iain)
27-Apr-2012, 10:45 AM #64
No worries.

I will be away for most of tomorrow so it might be Sunday before I can reply.

tanusgreystar
28-Apr-2012, 08:45 AM #65
ok thanks!

tanusgreystar
29-Apr-2012, 08:37 PM #66
Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 29-04-2012 21:31:29
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-04-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2184520 2009-03-23] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-03-17] (CANON INC.)
HKLM-x32\...\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe [2861624 2009-04-07] (ASUSTek.)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-07] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8392704 2009-03-04] (ASUS)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Turbo Gear Help] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [1026048 2009-08-05] ()
HKLM-x32\...\Run: [Turbo Gear] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" -r [2987520 2009-08-05] ()
HKLM-x32\...\Run: [Salmosa] C:\Program Files (x86)\Razer\Salmosa\razerhid.exe [139264 2008-08-21] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKU\Lyn\...\Run: [SacReminderHDDV2N] C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe [862032 2010-11-18] (Storage Appliance Corp.)
HKU\Lyn\...\Run: [chromium] C:\Users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window [1224176 2012-04-11] (Google Inc.)
HKU\Lyn\...\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" [435672 2011-11-14] (TomTom)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-23] (Adobe Systems Incorporated)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 CFUACProxy_officeguardianv2n; "C:\ProgramData\OfficeGuardianV2N\UACProxy.exe" -s "-pC:\ProgramData\OfficeGuardianV2N" [83792 2010-11-18] (Storage Appliance Corp.)
3 DAUpdaterSvc; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65888 2008-10-25] (Microsoft Corporation)
2 NPWService; C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe [788480 2009-01-15] ()
2 SacNetAgentService_C57C4F854F53; C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe [163664 2010-11-18] (Storage Appliance Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 spmgr; C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
2 WBVGAservice; C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [72248 2009-02-06] ()

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2009-10-12] ()
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
2 cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [20968 2010-03-30] (Windows (R) Win 7 DDK provider)
1 EIO64; C:\Windows\System32\Drivers\EIO64.sys [16384 2009-07-22] (ASUSTeK Computer Inc.)
3 enecir; C:\Windows\System32\Drivers\enecir.sys [70656 2009-05-20] (ENE TECHNOLOGY INC.)
3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-01-06] ( )
3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [197632 2009-01-16] ( )
2 ghaio; \??\C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
1 ISODrive; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2009-10-12] ()
0 lullaby; C:\Windows\System32\Drivers\lullaby.sys [16440 2009-04-01] (Windows (R) Win 7 DDK provider)
3 mcdbus; C:\Windows\System32\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 mcdbus; C:\Windows\SysWow64\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 salmosa; C:\Windows\System32\Drivers\salmosa.sys [11904 2008-03-20] (Razer (Asia-Pacific) Pte Ltd)
2 SBKUPNT; C:\Windows\SysWow64\Drivers\SBKUPNT.sys [14976 2001-07-13] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-25 23:25 - 2009-10-10 18:15 - 0000000 ____D C:\FRST
2012-04-25 03:17 - 2012-03-14 08:33 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-24 14:56 - 2011-09-22 03:27 - 0139264 ____A C:\Users\Lyn\Desktop\SystemLook.exe
2012-04-24 12:23 - 2009-10-05 17:53 - 0024410 ____A C:\ComboFix.txt
2012-04-23 18:25 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-23 18:25 - 2009-06-10 13:10 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-23 18:25 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-23 18:03 - 2012-04-23 18:16 - 0594944 ____A (OldTimer Tools) C:\Users\Lyn\Desktop\OTL.exe
2012-04-18 08:42 - 2012-04-07 10:35 - 0208896 ____A C:\Windows\MBR.exe
2012-04-18 08:42 - 2009-10-14 13:32 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-18 08:42 - 2009-07-13 23:50 - 0080412 ____A C:\Windows\grep.exe
2012-04-18 08:42 - 2009-07-13 23:46 - 0098816 ____A C:\Windows\sed.exe
2012-04-18 08:42 - 2009-07-13 21:32 - 0256000 ____A C:\Windows\PEV.exe
2012-04-18 08:42 - 2009-07-13 17:39 - 0068096 ____A C:\Windows\zip.exe
2012-04-18 08:42 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-18 08:42 - 2000-07-14 20:00 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-18 08:40 - - 4474448 ____R (Swearware) C:\Users\Lyn\Desktop\ComboFix.exe
2012-04-13 07:05 - - 0000937 ____A C:\Users\UpdatusUser\Desktop\Forsaken World.lnk
2012-04-13 06:30 - 2012-04-29 04:07 - 0000000 ____D C:\Perfect World Entertainment
2012-04-13 06:21 - 2009-07-13 17:16 - 0258352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2012-04-13 04:52 - 2011-07-27 17:13 - 0000000 ____D C:\Users\All Users\PMB Files
2012-04-13 04:52 - 2011-07-27 17:13 - 0000000 ____D C:\ProgramData\PMB Files
2012-04-13 04:52 - 2011-02-15 10:24 - 0000000 ____D C:\Users\Lyn\AppData\Local\PMB Files
2012-04-11 23:23 - 2009-10-05 18:03 - 0000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-04-10 21:26 - 2012-03-29 11:34 - 0357766 ____A C:\Users\Lyn\Desktop\HostsXpert.zip
2012-04-10 12:50 - 2009-07-13 21:08 - 0000000 ____D C:\Users\Public\Documents\skyrim-verified
2012-04-07 10:35 - 2012-04-07 10:35 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-04-07 10:35 - 2012-04-07 10:35 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-07 10:35 - 2012-04-07 10:35 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-07 10:35 - 2012-04-07 10:35 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-07 10:35 - 2012-04-07 10:35 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-04-07 10:35 - 2012-04-07 10:35 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-04-07 10:35 - 2012-04-07 10:35 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-07 10:35 - 2010-03-03 23:57 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-07 10:35 - 2010-03-03 23:33 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-07 10:35 - 2009-10-05 19:06 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-07 10:35 - 2009-10-05 19:06 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-07 10:35 - 2009-07-13 19:20 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-07 10:35 - 2009-07-13 19:20 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-07 10:35 - 2009-07-13 19:20 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-07 10:35 - 2009-07-13 19:20 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-07 10:35 - 2009-07-13 17:41 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-07 10:35 - 2009-07-13 17:40 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-07 10:35 - 2009-07-13 17:39 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-07 10:35 - 2009-07-13 17:39 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-07 10:35 - 2009-07-13 17:39 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-07 10:35 - 2009-07-13 17:39 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-07 10:35 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-07 10:35 - 2009-07-13 17:38 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-07 10:35 - 2009-07-13 17:38 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-07 10:35 - 2009-07-13 17:38 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-07 10:35 - 2009-07-13 17:16 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-07 10:35 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-07 10:35 - 2009-07-13 17:16 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-04-07 10:35 - 2009-07-13 17:16 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-04-07 10:35 - 2009-07-13 17:15 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-07 10:35 - 2009-07-13 17:15 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-04-07 10:35 - 2009-07-13 17:15 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-04-07 10:35 - 2009-07-13 17:15 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-04-07 10:35 - 2009-07-13 17:15 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-04-07 10:35 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-07 10:35 - 2009-07-13 17:14 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-04-07 10:35 - 2009-07-13 17:14 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-04-07 10:35 - 2009-07-13 17:14 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-04-07 10:35 - 2009-07-13 17:14 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-04-07 10:35 - 2009-07-13 17:14 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-04-07 10:35 - 2009-07-13 17:14 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-04-07 10:35 - 2009-07-13 17:14 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-04-07 10:35 - 2009-07-13 15:55 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-07 10:35 - 2009-07-13 15:40 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-04-07 10:35 - 2009-07-13 15:31 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-07 10:35 - 2009-07-13 15:19 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-04-07 10:35 - 2009-07-13 12:49 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-07 10:35 - 2009-06-10 13:14 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-04-07 10:35 - 2009-06-10 12:30 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-04-07 10:34 - 2012-04-07 10:34 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-04-07 10:34 - 2010-11-03 22:48 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-04-07 10:34 - 2009-10-30 21:45 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-04-07 10:34 - 2009-07-13 17:41 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-04-07 10:34 - 2009-07-13 17:41 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-04-07 10:34 - 2009-07-13 17:41 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-04-07 10:34 - 2009-07-13 17:40 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-04-07 10:34 - 2009-07-13 17:40 - 1540608 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-04-07 10:34 - 2009-07-13 17:40 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-04-07 10:34 - 2009-07-13 17:40 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-04-07 10:34 - 2009-07-13 17:39 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-04-07 10:34 - 2009-07-13 17:39 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-04-07 10:34 - 2009-07-13 17:16 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-04-07 10:34 - 2009-07-13 17:16 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-04-07 10:34 - 2009-07-13 17:15 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-04-07 10:34 - 2009-07-13 17:15 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-04-07 10:34 - 2009-07-13 17:15 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-04-07 10:34 - 2009-07-13 17:15 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-04-07 10:34 - 2009-07-13 17:15 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-04-07 10:34 - 2009-07-13 15:38 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-04-07 10:32 - 2009-07-13 17:39 - 0004118 ____A C:\Windows\IE9_main.log
2012-04-07 05:44 - 2011-04-29 10:10 - 0000000 ____D C:\Program Files (x86)\ESET
2012-04-07 05:37 - 2012-02-25 09:19 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-04-07 05:37 - 2011-07-23 07:04 - 0001866 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-04-07 05:37 - 2011-03-06 06:19 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-04-07 05:37 - 2011-03-06 06:19 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-04-07 05:37 - 2009-07-13 20:54 - 0001864 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2012-04-07 05:36 - 2010-03-25 13:51 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-07 05:36 - - 0002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-04-01 11:06 - 2011-03-08 21:02 - 0000000 ____D C:\Users\Lyn\Desktop\New folder
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-30 08:03 - 2011-01-19 13:22 - 0000162 ___AH C:\Users\Lyn\Desktop\~$rvice Plan.rtf


============ 3 Months Modified Files and Folders =============

2012-04-29 21:31 - 2012-04-25 23:25 - 0000000 ____D C:\FRST
2012-04-29 17:29 - 2009-10-05 19:05 - 1331527 ____A C:\Windows\WindowsUpdate.log
2012-04-29 17:24 - 2010-10-18 07:59 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
2012-04-29 17:11 - 2012-04-23 18:25 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-29 13:01 - 2012-04-29 13:01 - 0014399 ____A C:\Users\Lyn\Desktop\evolution-b6u3jmn1j-271148-475-286.jpg
2012-04-29 05:24 - 2010-10-18 07:59 - 0000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
2012-04-29 04:07 - 2012-02-27 05:04 - 0005600 ____A C:\Windows\setupact.log
2012-04-29 04:07 - 2009-10-05 19:01 - 536109056 __ASH C:\hiberfil.sys
2012-04-29 04:07 - 2009-10-05 16:59 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-29 04:07 - 2009-10-05 16:59 - 0000000 ____D C:\ProgramData\NVIDIA
2012-04-29 04:07 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-27 19:37 - 2009-10-07 15:02 - 0000000 ____D C:\Users\Lyn\Desktop\Random Writing
2012-04-26 14:29 - 2009-08-03 09:13 - 0732750 ____A C:\Windows\System32\perfh019.dat
2012-04-26 14:29 - 2009-08-03 09:13 - 0154362 ____A C:\Windows\System32\perfc019.dat
2012-04-26 14:29 - 2009-07-13 21:13 - 1668226 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-25 03:17 - 2012-04-25 03:17 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-24 14:56 - 2012-04-24 14:56 - 0139264 ____A C:\Users\Lyn\Desktop\SystemLook.exe
2012-04-24 12:23 - 2012-04-24 12:23 - 0024410 ____A C:\ComboFix.txt
2012-04-24 12:23 - 2012-03-25 17:04 - 0000000 ____D C:\Qoobox
2012-04-24 12:05 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-24 12:03 - 2012-02-27 05:04 - 0011908 ____A C:\Windows\PFRO.log
2012-04-24 11:52 - 2012-04-18 08:40 - 4474448 ____R (Swearware) C:\Users\Lyn\Desktop\ComboFix.exe
2012-04-24 01:48 - 2009-10-12 19:27 - 0001725 ____A C:\Windows\System32\ServiceFilter.ini
2012-04-23 18:25 - 2012-04-23 18:25 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-23 18:25 - 2012-04-23 18:25 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-23 18:25 - 2011-06-23 09:12 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-23 18:16 - 2012-04-01 11:06 - 0000000 ____D C:\Users\Lyn\Desktop\New folder
2012-04-23 18:03 - 2012-04-23 18:03 - 0594944 ____A (OldTimer Tools) C:\Users\Lyn\Desktop\OTL.exe
2012-04-20 10:21 - 2009-10-05 17:43 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-20 10:21 - 2009-10-05 17:43 - 0000000 ____D C:\ProgramData\Adobe
2012-04-20 10:20 - 2009-10-05 16:52 - 0000000 ____D C:\Users\Lyn\AppData\Roaming\Adobe
2012-04-13 19:11 - 2012-04-13 04:52 - 0000000 ____D C:\Users\Lyn\AppData\Local\PMB Files
2012-04-13 07:05 - 2012-04-13 07:05 - 0000937 ____A C:\Users\UpdatusUser\Desktop\Forsaken World.lnk
2012-04-13 06:30 - 2012-04-13 06:30 - 0000000 ____D C:\Perfect World Entertainment
2012-04-13 05:00 - 2012-04-13 06:21 - 0258352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2012-04-13 04:53 - 2012-04-13 04:52 - 0000000 ____D C:\Users\All Users\PMB Files
2012-04-13 04:53 - 2012-04-13 04:52 - 0000000 ____D C:\ProgramData\PMB Files
2012-04-11 23:23 - 2012-04-11 23:23 - 0000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-04-11 23:21 - 2012-04-10 12:50 - 0000000 ____D C:\Users\Public\Documents\skyrim-verified
2012-04-10 23:38 - 2009-07-13 20:45 - 0019792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-10 23:38 - 2009-07-13 20:45 - 0019792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-10 21:26 - 2012-04-10 21:26 - 0357766 ____A C:\Users\Lyn\Desktop\HostsXpert.zip
2012-04-10 13:02 - 2012-04-07 05:37 - 0001866 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-04-10 13:02 - 2012-04-07 05:37 - 0001864 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2012-04-10 13:02 - 2012-04-07 05:37 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-04-09 14:57 - 2009-10-05 16:46 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-09 05:09 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-04-07 10:42 - 2009-10-12 19:27 - 0002192 ____A C:\Windows\System32\AutoRunFilter.ini
2012-04-07 10:41 - 2009-10-05 20:01 - 0000000 ____D C:\Windows\Panther
2012-04-07 10:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-04-07 10:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-04-07 10:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-07 10:38 - 2012-04-07 10:32 - 0004118 ____A C:\Windows\IE9_main.log
2012-04-07 10:35 - 2012-04-07 10:35 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-04-07 10:35 - 2012-04-07 10:35 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-07 10:35 - 2012-04-07 10:35 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-07 10:35 - 2012-04-07 10:35 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-07 10:35 - 2012-04-07 10:35 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-07 10:35 - 2012-04-07 10:35 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-07 10:35 - 2012-04-07 10:35 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-07 10:35 - 2012-04-07 10:35 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-07 10:35 - 2012-04-07 10:35 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-07 10:35 - 2012-04-07 10:35 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-04-07 10:35 - 2012-04-07 10:35 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-04-07 10:35 - 2012-04-07 10:35 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-04-07 10:35 - 2012-04-07 10:35 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-07 10:34 - 2012-04-07 10:34 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-04-07 10:34 - 2012-04-07 10:34 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-04-07 10:34 - 2012-04-07 10:34 - 1540608 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-04-07 10:34 - 2012-04-07 10:34 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-04-07 10:34 - 2012-04-07 10:34 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-04-07 05:44 - 2012-04-07 05:44 - 0000000 ____D C:\Program Files (x86)\ESET
2012-04-07 05:37 - 2012-04-07 05:37 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-04-07 05:37 - 2012-04-07 05:37 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-04-07 05:36 - 2012-04-07 05:36 - 0002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-04-07 05:36 - 2012-04-07 05:36 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-07 05:36 - 2009-10-05 17:41 - 0000000 ____D C:\Users\Lyn\AppData\Local\Adobe
2012-04-05 15:34 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-02 16:31 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-04-01 16:42 - 2010-07-27 15:35 - 0000000 ____D C:\Users\Lyn\AppData\Roaming\vlc
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-31 07:14 - 2012-03-25 17:04 - 0000000 ____D C:\Windows\ERDNT
2012-03-31 07:14 - 2009-07-13 18:34 - 68419584 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-03-31 07:14 - 2009-07-13 18:34 - 17301504 ____A C:\Windows\System32\config\SYSTEM.bak
2012-03-31 07:14 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-03-31 07:14 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-03-31 07:14 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-03-30 08:03 - 2012-03-30 08:03 - 0000162 ___AH C:\Users\Lyn\Desktop\~$rvice Plan.rtf
2012-03-29 13:55 - 2009-10-13 20:19 - 0000000 ____D C:\Users\Lyn\AppData\Local\ElevatedDiagnostics
2012-03-29 13:55 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-29 11:34 - 2012-03-29 11:34 - 0011678 ____A C:\Users\Lyn\Desktop\Hi Inge.docx
2012-03-25 17:47 - 2012-03-25 17:47 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-03-25 17:46 - 2012-03-25 17:46 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-03-25 17:46 - 2012-03-25 17:46 - 0000000 ____D C:\ProgramData\AVAST Software
2012-03-25 17:46 - 2012-03-25 17:46 - 0000000 ____D C:\Program Files\AVAST Software
2012-03-25 17:37 - 2011-12-11 07:25 - 0002324 ____A C:\Windows\epplauncher.mif
2012-03-25 17:32 - 2009-10-05 16:34 - 0000000 ____D C:\Users\All Users\avg8
2012-03-25 17:32 - 2009-10-05 16:34 - 0000000 ____D C:\Users\All Users\AVG Security Toolbar
2012-03-25 17:32 - 2009-10-05 16:34 - 0000000 ____D C:\ProgramData\avg8
2012-03-25 17:32 - 2009-10-05 16:34 - 0000000 ____D C:\ProgramData\AVG Security Toolbar
2012-03-25 17:21 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-03-15 02:57 - 2010-03-21 18:16 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-03-14 08:33 - 2009-10-13 08:11 - 0000000 ____D C:\$AVG8.VAULT$
2012-03-12 05:26 - 2011-12-05 06:44 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-03-12 05:26 - 2011-12-05 06:44 - 0000000 ____D C:\ProgramData\AVG Secure Search
2012-03-11 06:51 - 2009-10-05 16:40 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-03-06 15:15 - 2012-03-25 17:47 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 15:15 - 2012-03-25 17:46 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 15:15 - 2012-03-25 17:46 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 15:04 - 2012-03-25 17:47 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 15:04 - 2012-03-25 17:47 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 15:02 - 2012-03-25 17:47 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-03-06 15:01 - 2012-03-25 17:47 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 15:01 - 2012-03-25 17:47 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 15:01 - 2012-03-25 17:47 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-03-01 05:28 - 2010-02-01 12:47 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-01 05:28 - 2010-02-01 12:47 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-02-27 17:34 - 2012-02-27 17:34 - 0000010 ____A C:\Users\Public\homegroup.txt
2012-02-27 12:24 - 2009-07-13 21:08 - 0032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-27 05:04 - 2012-02-27 05:04 - 0000000 ____A C:\Windows\setuperr.log
2012-02-27 05:04 - 2011-12-07 17:01 - 0000000 ____D C:\Program Files (x86)\Iminent
2012-02-26 13:56 - 2012-02-26 13:56 - 0001047 ____A C:\Users\Public\DriverTuner.lnk
2012-02-26 13:56 - 2012-02-26 13:56 - 0000000 ____D C:\Program Files (x86)\DriverTuner
2012-02-26 13:47 - 2012-02-26 13:47 - 0000249 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2012-02-26 13:42 - 2012-02-26 13:42 - 0004478 ____A C:\Users\Lyn\Documents\cc_20120226_164250.reg
2012-02-26 13:42 - 2009-10-05 16:44 - 0000000 ____D C:\Users\Lyn\AppData\Roaming\BitTorrent
2012-02-26 13:41 - 2009-10-05 18:25 - 0000000 ____D C:\Windows\Minidump
2012-02-26 13:40 - 2011-12-07 18:55 - 0000000 ____D C:\Program Files\CCleaner
2012-02-26 13:05 - 2012-02-26 13:05 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-26 13:05 - 2012-02-26 13:05 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-26 13:05 - 2012-02-26 13:05 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-26 13:05 - 2010-06-01 10:52 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-02-26 13:03 - 2009-10-11 11:25 - 0000000 ____D C:\Program Files (x86)\Java
2012-02-26 11:16 - 2012-02-26 11:16 - 0000000 ____D C:\Users\Public\HIJACK
2012-02-25 09:19 - 2012-02-25 09:19 - 0001113 ____A C:\Users\Public\Malwarebytes Anti-Malware.lnk
2012-02-25 09:19 - 2010-02-01 13:27 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-23 06:18 - 2009-10-05 16:18 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-11 20:43 - 2009-10-05 16:12 - 0000000 ____D C:\users\Lyn

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2010-04-07 22:01] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2009-07-13 15:24] - [2010-04-07 22:01] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6143.04 MB
Available physical RAM: 5431.36 MB
Total Pagefile: 6141.18 MB
Available Pagefile: 5419.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:244.5 GB) (Free:117.87 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:221.16 GB) (Free:168.86 GB) NTFS
4 Drive g: () (Removable) (Total:3.75 GB) (Free:1.12 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 3840 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 244 GB 101 MB
Partition 0 Extended 221 GB 244 GB
Partition 3 Logical 221 GB 244 GB

=========================================================================== ===========================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================================== ===========================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 244 GB Healthy

=========================================================================== ===========================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D DATA NTFS Partition 221 GB Healthy

=========================================================================== ===========================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3839 MB 16 KB

=========================================================================== ===========================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3839 MB Healthy

=========================================================================== ===========================

==========================================================

Last Boot: 2012-04-29 06:15

======================= End Of Log ==========================
Glaswegian (Iain)
30-Apr-2012, 05:11 AM #67
Hi again

I think you perhaps misunderstood my previous post. Rather than a full log, this should produce a much shorter log - we are searching for file names. We do need to use FRST though, but just a different function. Please follow these instructions carefully.

Using your flash drive:

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
Type the following in the edit box after "Search".

user32.dll*


It then should look like this:

Search: user32.dll*

Click Search button and post the log (Search.txt) it makes to your reply.
tanusgreystar
30-Apr-2012, 11:20 AM #68
Sorry. I'll redo it.
tanusgreystar
30-Apr-2012, 09:56 PM #69
Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 2012-04-30 22:52:30
Running from G:\

================== Search: "user32.dll*" ===================

C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2009-07-13 15:24] - [2009-07-13 17:11] - 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0

C:\Windows\winsxs\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_ed68ab77ca33fe56\user32.dll.mui
[2009-08-03 09:11] - [2009-08-03 09:11] - 0019968 ____A (Microsoft Corporation) 7F44160E679FD0BEEAF25BFE04553CCD

C:\Windows\winsxs\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a44793c3792f02af\user32.dll.mui
[2009-07-13 21:35] - [2009-07-13 18:03] - 0017920 ____A (Microsoft Corporation) D448B52149F95F1250100F9BD0ED7152

C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6

C:\Windows\winsxs\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_e314012595d33c5b\user32.dll.mui
[2009-08-03 09:11] - [2009-08-03 09:11] - 0019968 ____A (Microsoft Corporation) 688BA0F29CA43CF339CDF4893237AB40

C:\Windows\winsxs\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_en-us_99f2e97144ce40b4\user32.dll.mui
[2009-07-13 21:35] - [2009-07-13 18:26] - 0017920 ____A (Microsoft Corporation) 7CA57982056C7BCED0B96A892F595802

C:\Windows\SysWOW64\user32.dll
[2009-07-13 15:24] - [2010-04-07 22:01] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\SysWOW64\user32.dll.bak
[2009-07-13 15:24] - [2009-07-13 17:11] - 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0

C:\Windows\SysWOW64\ru-RU\user32.dll.mui
[2009-08-03 09:11] - [2009-08-03 09:11] - 0019968 ____A (Microsoft Corporation) 7F44160E679FD0BEEAF25BFE04553CCD

C:\Windows\SysWOW64\en-US\user32.dll.mui
[2009-07-13 21:35] - [2009-07-13 18:03] - 0017920 ____A (Microsoft Corporation) D448B52149F95F1250100F9BD0ED7152

C:\Windows\System32\user32.dll
[2009-07-13 15:38] - [2010-04-07 22:01] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\System32\user32.dll.bak
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6

C:\Windows\System32\ru-RU\user32.dll.mui
[2009-08-03 09:11] - [2009-08-03 09:11] - 0019968 ____A (Microsoft Corporation) 688BA0F29CA43CF339CDF4893237AB40

C:\Windows\System32\en-US\user32.dll.mui
[2009-07-13 21:35] - [2009-07-13 18:26] - 0017920 ____A (Microsoft Corporation) 7CA57982056C7BCED0B96A892F595802

====== End Of Search ======
Glaswegian (Iain)
01-May-2012, 05:08 AM #70
Hi again

Thanks for that log; now we can try replacing those files.


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt.

Plug the flashdrive into the infected PC.

Code:
Replace: C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll C:\Windows\SysWOW64\user32.dll 
Replace: C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll C:\Windows\System32\user32.dll
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
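
An added example, not part of the thread and not FRST's own code: a Python script that parses a Search.txt excerpt in the layout posted in #69 and flags live user32.dll copies whose MD5 matches no WinSxS component-store copy of the same architecture; on the thread's log these are the two files the fixlist above replaces. The mapping of the amd64 and wow64 prefixes to System32 and SysWOW64 and all function names are assumptions of this example.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath
from typing import NamedTuple

# Excerpt copied from the Search.txt in post #69 (one .mui entry kept to show filtering).
SEARCH_LOG = r"""
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2009-07-13 15:24] - [2009-07-13 17:11] - 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0

C:\Windows\winsxs\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a44793c3792f02af\user32.dll.mui
[2009-07-13 21:35] - [2009-07-13 18:03] - 0017920 ____A (Microsoft Corporation) D448B52149F95F1250100F9BD0ED7152

C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6

C:\Windows\SysWOW64\user32.dll
[2009-07-13 15:24] - [2010-04-07 22:01] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\SysWOW64\user32.dll.bak
[2009-07-13 15:24] - [2009-07-13 17:11] - 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0

C:\Windows\System32\user32.dll
[2009-07-13 15:38] - [2010-04-07 22:01] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\System32\user32.dll.bak
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6
"""

# Detail line: [created] - [modified] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>.*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Assumption of this example: the live directory each WinSxS architecture prefix feeds.
ARCH_TO_DIR = {"amd64": "System32", "wow64": "SysWOW64"}


class Entry(NamedTuple):
    path: PureWindowsPath
    modified: str
    size: int
    md5: str


def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    entries, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = DETAIL_RE.match(line)
        if m and pending is not None:
            entries.append(Entry(pending, m["modified"], int(m["size"]), m["md5"].upper()))
            pending = None
        elif PATH_RE.match(line):
            pending = PureWindowsPath(line)
    return entries


def store_arch(path):
    """Return the architecture prefix if the file sits in a WinSxS component directory."""
    parts = [p.lower() for p in path.parts]
    if len(parts) == 5 and parts[1:3] == ["windows", "winsxs"]:
        arch = parts[3].split("_", 1)[0]
        return arch if arch in ARCH_TO_DIR else None
    return None


def compare_with_store(entries, filename="user32.dll"):
    """Compare each live copy of `filename` against every store copy of its architecture."""
    store = defaultdict(list)
    for e in entries:
        arch = store_arch(e.path)
        if arch and e.path.name.lower() == filename:
            store[arch].append(e)
    by_path = {e.path: e for e in entries}  # PureWindowsPath compares case-insensitively
    report = []
    for arch, dirname in ARCH_TO_DIR.items():
        if not store[arch]:
            continue
        win_root = store[arch][0].path.parents[2]  # ...\Windows
        live = by_path.get(win_root / dirname / filename)
        if live is None:
            continue
        store_md5s = {s.md5 for s in store[arch]}
        backup = by_path.get(live.path.with_name(filename + ".bak"))
        report.append({
            "live": str(live.path),
            "live_md5": live.md5,
            "matches_store": live.md5 in store_md5s,
            "store_copies": [str(s.path) for s in store[arch]],
            "backup_matches_store": backup is not None and backup.md5 in store_md5s,
        })
    return report


if __name__ == "__main__":
    for row in compare_with_store(parse_search_log(SEARCH_LOG)):
        verdict = "matches store" if row["matches_store"] else "DIFFERS from store"
        print(f'{row["live"]}  {row["live_md5"]}  {verdict}')
```

A mismatch only shows that the live file is not one of the store copies listed in the log; a file updated by a legitimate patch would match a newer WinSxS directory instead, which is why the check accepts any store copy of the same architecture.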
tanusgreystar
01-May-2012, 01:16 PM #71
Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-05-01 14:12:42 R:2
Running from G:\

==============================================

C:\Windows\SysWOW64\user32.dll moved successfully.
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll copied successfully to C:\Windows\SysWOW64\user32.dll
C:\Windows\System32\user32.dll moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll copied successfully to C:\Windows\System32\user32.dll

==== End of Fixlog ====


Hi. Could my other 2 PCs be infected if they're on the same network? They're not redirecting or anything. Just wondering. Thanks!
Glaswegian (Iain)
01-May-2012, 04:38 PM #72
Hi again

How is your system running now?

The other 2 could be infected but if there are no symptoms then it's unlikely they have caught anything.
tanusgreystar
01-May-2012, 05:07 PM #73
I'll have to see. I'll let you know. Thanks!
tanusgreystar
01-May-2012, 07:41 PM #74
Still redirecting. : (
Glaswegian (Iain)
02-May-2012, 09:36 AM #75
Hi again

Please download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

Execute TDSSKiller.exe by double-clicking on it. Press Start Scan.


  • If Malicious objects are found, ensure Cure is selected (it should be by default)
  • Click Continue then click Reboot now
  • Once complete, a log will be produced at the root drive which is typically C:\
    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please attach that log.