
Browser Redirect

Discussion in 'Virus & Other Malware Removal' started by tanusgreystar, Feb 26, 2012.

Thread Status:
Not open for further replies.
  1. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
    Ran by SYSTEM at 2012-04-26 18:24:20 R:1
    Running from G:\

    ==============================================

    Could not find Replace: .
    Could not find Replace: .
    C:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll C:\Windows\SysWOW64\User32.dll not found.
    C:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll c:\windows\system32\user32.dll not found.

    ==== End of Fixlog ====
     
  2. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    Hi again

    My apologies – I copied and pasted the wrong file names. I need to check the correct file names.


    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    Type the following in the edit box after "Search:".

    user32.dll*


    It then should look like:

    Search: user32.dll*

    Click the Search button and post the log (Search.txt) it makes in your reply.
     
  3. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    Hi. I'll get to this tomorrow. If I don't get to it I'll at least check in. BTW she's getting popups now! Talk to you tomorrow. Thanks!
     
  4. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    No worries.

    I will be away for most of tomorrow so it might be Sunday before I can reply.
     
  5. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    ok thanks!
     
  6. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
    Ran by SYSTEM at 29-04-2012 21:31:29
    Running from G:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-04-20] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
    HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2184520 2009-03-23] (CANON INC.)
    HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-03-17] (CANON INC.)
    HKLM-x32\...\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe [2861624 2009-04-07] (ASUSTek.)
    HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-07] (ASUS)
    HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8392704 2009-03-04] (ASUS)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
    HKLM-x32\...\Run: [Turbo Gear Help] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [1026048 2009-08-05] ()
    HKLM-x32\...\Run: [Turbo Gear] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" -r [2987520 2009-08-05] ()
    HKLM-x32\...\Run: [Salmosa] C:\Program Files (x86)\Razer\Salmosa\razerhid.exe [139264 2008-08-21] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKU\Lyn\...\Run: [SacReminderHDDV2N] C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe [862032 2010-11-18] (Storage Appliance Corp.)
    HKU\Lyn\...\Run: [chromium] C:\Users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window [1224176 2012-04-11] (Google Inc.)
    HKU\Lyn\...\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" [435672 2011-11-14] (TomTom)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    ==================== Services (Whitelisted) ======

    3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-23] (Adobe Systems Incorporated)
    2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
    2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
    2 CFUACProxy_officeguardianv2n; "C:\ProgramData\OfficeGuardianV2N\UACProxy.exe" -s "-pC:\ProgramData\OfficeGuardianV2N" [83792 2010-11-18] (Storage Appliance Corp.)
    3 DAUpdaterSvc; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
    3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65888 2008-10-25] (Microsoft Corporation)
    2 NPWService; C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe [788480 2009-01-15] ()
    2 SacNetAgentService_C57C4F854F53; C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe [163664 2010-11-18] (Storage Appliance Corporation)
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    3 spmgr; C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
    2 WBVGAservice; C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [72248 2009-02-06] ()

    ========================== Drivers (Whitelisted) =============

    2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
    2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2009-10-12] ()
    3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
    2 cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [20968 2010-03-30] (Windows (R) Win 7 DDK provider)
    1 EIO64; C:\Windows\System32\Drivers\EIO64.sys [16384 2009-07-22] (ASUSTeK Computer Inc.)
    3 enecir; C:\Windows\System32\Drivers\enecir.sys [70656 2009-05-20] (ENE TECHNOLOGY INC.)
    3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-01-06] ( )
    3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [197632 2009-01-16] ( )
    2 ghaio; \??\C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
    1 ISODrive; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
    2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2009-10-12] ()
    0 lullaby; C:\Windows\System32\Drivers\lullaby.sys [16440 2009-04-01] (Windows (R) Win 7 DDK provider)
    3 mcdbus; C:\Windows\System32\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
    3 mcdbus; C:\Windows\SysWow64\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
    3 salmosa; C:\Windows\System32\Drivers\salmosa.sys [11904 2008-03-20] (Razer (Asia-Pacific) Pte Ltd)
    2 SBKUPNT; C:\Windows\SysWow64\Drivers\SBKUPNT.sys [14976 2001-07-13] ()
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys [x]

    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2012-04-25 23:25 - 2009-10-10 18:15 - 0000000 ____D C:\FRST
    2012-04-25 03:17 - 2012-03-14 08:33 - 0000000 __SHD C:\$RECYCLE.BIN
    2012-04-24 14:56 - 2011-09-22 03:27 - 0139264 ____A C:\Users\Lyn\Desktop\SystemLook.exe
    2012-04-24 12:23 - 2009-10-05 17:53 - 0024410 ____A C:\ComboFix.txt
    2012-04-23 18:25 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-04-23 18:25 - 2009-06-10 13:10 - 0000000 ____D C:\Windows\System32\Macromed
    2012-04-23 18:25 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-04-23 18:03 - 2012-04-23 18:16 - 0594944 ____A (OldTimer Tools) C:\Users\Lyn\Desktop\OTL.exe
    2012-04-18 08:42 - 2012-04-07 10:35 - 0208896 ____A C:\Windows\MBR.exe
    2012-04-18 08:42 - 2009-10-14 13:32 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-04-18 08:42 - 2009-07-13 23:50 - 0080412 ____A C:\Windows\grep.exe
    2012-04-18 08:42 - 2009-07-13 23:46 - 0098816 ____A C:\Windows\sed.exe
    2012-04-18 08:42 - 2009-07-13 21:32 - 0256000 ____A C:\Windows\PEV.exe
    2012-04-18 08:42 - 2009-07-13 17:39 - 0068096 ____A C:\Windows\zip.exe
    2012-04-18 08:42 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-04-18 08:42 - 2000-07-14 20:00 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-04-18 08:40 - - 4474448 ____R (Swearware) C:\Users\Lyn\Desktop\ComboFix.exe
    2012-04-13 07:05 - - 0000937 ____A C:\Users\UpdatusUser\Desktop\Forsaken World.lnk
    2012-04-13 06:30 - 2012-04-29 04:07 - 0000000 ____D C:\Perfect World Entertainment
    2012-04-13 06:21 - 2009-07-13 17:16 - 0258352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
    2012-04-13 04:52 - 2011-07-27 17:13 - 0000000 ____D C:\Users\All Users\PMB Files
    2012-04-13 04:52 - 2011-07-27 17:13 - 0000000 ____D C:\ProgramData\PMB Files
    2012-04-13 04:52 - 2011-02-15 10:24 - 0000000 ____D C:\Users\Lyn\AppData\Local\PMB Files
    2012-04-11 23:23 - 2009-10-05 18:03 - 0000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
    2012-04-10 21:26 - 2012-03-29 11:34 - 0357766 ____A C:\Users\Lyn\Desktop\HostsXpert.zip
    2012-04-10 12:50 - 2009-07-13 21:08 - 0000000 ____D C:\Users\Public\Documents\skyrim-verified
    2012-04-07 10:35 - 2012-04-07 10:35 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-04-07 10:35 - 2012-04-07 10:35 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-04-07 10:35 - 2012-04-07 10:35 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-04-07 10:35 - 2012-04-07 10:35 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-04-07 10:35 - 2012-04-07 10:35 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-04-07 10:35 - 2012-04-07 10:35 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-04-07 10:35 - 2012-04-07 10:35 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-04-07 10:35 - 2012-04-07 10:35 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-04-07 10:35 - 2012-04-07 10:35 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
    2012-04-07 10:35 - 2012-04-07 10:35 - 0072822 ____A C:\Windows\System32\ieuinit.inf
    2012-04-07 10:35 - 2012-04-07 10:35 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-04-07 10:35 - 2012-04-07 10:35 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-04-07 10:35 - 2012-04-07 10:35 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-04-07 10:35 - 2010-03-03 23:57 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-04-07 10:35 - 2010-03-03 23:33 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-04-07 10:35 - 2009-10-05 19:06 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-04-07 10:35 - 2009-10-05 19:06 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-04-07 10:35 - 2009-07-13 19:20 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-04-07 10:35 - 2009-07-13 19:20 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-04-07 10:35 - 2009-07-13 19:20 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-04-07 10:35 - 2009-07-13 19:20 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-04-07 10:35 - 2009-07-13 17:41 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-04-07 10:35 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-04-07 10:35 - 2009-07-13 17:41 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-04-07 10:35 - 2009-07-13 17:41 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-04-07 10:35 - 2009-07-13 17:41 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-04-07 10:35 - 2009-07-13 17:41 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-04-07 10:35 - 2009-07-13 17:41 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-04-07 10:35 - 2009-07-13 17:40 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-04-07 10:35 - 2009-07-13 17:39 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-04-07 10:35 - 2009-07-13 17:39 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-04-07 10:35 - 2009-07-13 17:39 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-04-07 10:35 - 2009-07-13 17:39 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-04-07 10:35 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-04-07 10:35 - 2009-07-13 17:38 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-04-07 10:35 - 2009-07-13 17:38 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-04-07 10:35 - 2009-07-13 17:38 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-04-07 10:35 - 2009-07-13 17:16 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-04-07 10:35 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-04-07 10:35 - 2009-07-13 17:16 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-04-07 10:35 - 2009-07-13 17:16 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-04-07 10:35 - 2009-07-13 17:15 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-04-07 10:35 - 2009-07-13 17:15 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-04-07 10:35 - 2009-07-13 17:15 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-04-07 10:35 - 2009-07-13 17:15 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-04-07 10:35 - 2009-07-13 17:15 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-04-07 10:35 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-04-07 10:35 - 2009-07-13 17:14 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-04-07 10:35 - 2009-07-13 17:14 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-04-07 10:35 - 2009-07-13 17:14 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-04-07 10:35 - 2009-07-13 17:14 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-04-07 10:35 - 2009-07-13 17:14 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-04-07 10:35 - 2009-07-13 17:14 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-04-07 10:35 - 2009-07-13 17:14 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-04-07 10:35 - 2009-07-13 15:55 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-04-07 10:35 - 2009-07-13 15:40 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-04-07 10:35 - 2009-07-13 15:31 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-04-07 10:35 - 2009-07-13 15:19 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-04-07 10:35 - 2009-07-13 12:49 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-04-07 10:35 - 2009-06-10 13:14 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-04-07 10:35 - 2009-06-10 12:30 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-04-07 10:34 - 2012-04-07 10:34 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
    2012-04-07 10:34 - 2012-04-07 10:34 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
    2012-04-07 10:34 - 2012-04-07 10:34 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
    2012-04-07 10:34 - 2012-04-07 10:34 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
    2012-04-07 10:34 - 2012-04-07 10:34 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
    2012-04-07 10:34 - 2012-04-07 10:34 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
    2012-04-07 10:34 - 2012-04-07 10:34 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2012-04-07 10:34 - 2012-04-07 10:34 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2012-04-07 10:34 - 2012-04-07 10:34 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2012-04-07 10:34 - 2012-04-07 10:34 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
    2012-04-07 10:34 - 2010-11-03 22:48 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
    2012-04-07 10:34 - 2009-10-30 21:45 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2012-04-07 10:34 - 2009-07-13 17:41 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
    2012-04-07 10:34 - 2009-07-13 17:41 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
    2012-04-07 10:34 - 2009-07-13 17:41 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2012-04-07 10:34 - 2009-07-13 17:40 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2012-04-07 10:34 - 2009-07-13 17:40 - 1540608 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2012-04-07 10:34 - 2009-07-13 17:40 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2012-04-07 10:34 - 2009-07-13 17:40 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2012-04-07 10:34 - 2009-07-13 17:39 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
    2012-04-07 10:34 - 2009-07-13 17:39 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
    2012-04-07 10:34 - 2009-07-13 17:16 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2012-04-07 10:34 - 2009-07-13 17:16 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2012-04-07 10:34 - 2009-07-13 17:15 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2012-04-07 10:34 - 2009-07-13 17:15 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2012-04-07 10:34 - 2009-07-13 17:15 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2012-04-07 10:34 - 2009-07-13 17:15 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2012-04-07 10:34 - 2009-07-13 17:15 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
    2012-04-07 10:34 - 2009-07-13 15:38 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2012-04-07 10:32 - 2009-07-13 17:39 - 0004118 ____A C:\Windows\IE9_main.log
    2012-04-07 05:44 - 2011-04-29 10:10 - 0000000 ____D C:\Program Files (x86)\ESET
    2012-04-07 05:37 - 2012-02-25 09:19 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
    2012-04-07 05:37 - 2011-07-23 07:04 - 0001866 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2012-04-07 05:37 - 2011-03-06 06:19 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
    2012-04-07 05:37 - 2011-03-06 06:19 - 0000000 ____D C:\ProgramData\McAfee Security Scan
    2012-04-07 05:37 - 2009-07-13 20:54 - 0001864 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    2012-04-07 05:36 - 2010-03-25 13:51 - 0000000 ____D C:\Program Files (x86)\Adobe
    2012-04-07 05:36 - - 0002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-04-01 11:06 - 2011-03-08 21:02 - 0000000 ____D C:\Users\Lyn\Desktop\New folder
    2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
    2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
    2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
    2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
    2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
    2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
    2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
    2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
    2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
    2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
    2012-03-30 08:03 - 2011-01-19 13:22 - 0000162 ___AH C:\Users\Lyn\Desktop\~$rvice Plan.rtf


    ============ 3 Months Modified Files and Folders =============

    2012-04-29 21:31 - 2012-04-25 23:25 - 0000000 ____D C:\FRST
    2012-04-29 17:29 - 2009-10-05 19:05 - 1331527 ____A C:\Windows\WindowsUpdate.log
    2012-04-29 17:24 - 2010-10-18 07:59 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
    2012-04-29 17:11 - 2012-04-23 18:25 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-04-29 13:01 - 2012-04-29 13:01 - 0014399 ____A C:\Users\Lyn\Desktop\evolution-b6u3jmn1j-271148-475-286.jpg
    2012-04-29 05:24 - 2010-10-18 07:59 - 0000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
    2012-04-29 04:07 - 2012-02-27 05:04 - 0005600 ____A C:\Windows\setupact.log
    2012-04-29 04:07 - 2009-10-05 19:01 - 536109056 __ASH C:\hiberfil.sys
    2012-04-29 04:07 - 2009-10-05 16:59 - 0000000 ____D C:\Users\All Users\NVIDIA
    2012-04-29 04:07 - 2009-10-05 16:59 - 0000000 ____D C:\ProgramData\NVIDIA
    2012-04-29 04:07 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-04-27 19:37 - 2009-10-07 15:02 - 0000000 ____D C:\Users\Lyn\Desktop\Random Writing
    2012-04-26 14:29 - 2009-08-03 09:13 - 0732750 ____A C:\Windows\System32\perfh019.dat
    2012-04-26 14:29 - 2009-08-03 09:13 - 0154362 ____A C:\Windows\System32\perfc019.dat
    2012-04-26 14:29 - 2009-07-13 21:13 - 1668226 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-04-25 03:17 - 2012-04-25 03:17 - 0000000 __SHD C:\$RECYCLE.BIN
    2012-04-24 14:56 - 2012-04-24 14:56 - 0139264 ____A C:\Users\Lyn\Desktop\SystemLook.exe
    2012-04-24 12:23 - 2012-04-24 12:23 - 0024410 ____A C:\ComboFix.txt
    2012-04-24 12:23 - 2012-03-25 17:04 - 0000000 ____D C:\Qoobox
    2012-04-24 12:05 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
    2012-04-24 12:03 - 2012-02-27 05:04 - 0011908 ____A C:\Windows\PFRO.log

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\User32.dll
    [2009-07-13 15:38] - [2010-04-07 22:01] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

    C:\Windows\SysWOW64\User32.dll
    [2009-07-13 15:24] - [2010-04-07 22:01] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    Last Boot: 2012-04-29 06:15

    ======================= End Of Log ==========================
     
  7. Glaswegian

    Glaswegian Malware Specialist

    Hi again

    I think you perhaps misunderstood my previous post. Rather than a full log, this should produce a much shorter log - we are searching for file names. We do need to use FRST though, but just a different function. Please follow these instructions carefully.

    Using your flash drive:

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    Type the following in the edit box after "Search".

    user32.dll*


    It then should look like this:

    Search: user32.dll*

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  8. tanusgreystar

    tanusgreystar Thread Starter

    Sorry. I'll redo it.
     
  9. tanusgreystar

    tanusgreystar Thread Starter

    Farbar Recovery Scan Tool Version: 22-04-2012
    Ran by SYSTEM at 2012-04-30 22:52:30
    Running from G:\

    ================== Search: "user32.dll*" ===================

    C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    [2009-07-13 15:24] - [2009-07-13 17:11] - 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0

    C:\Windows\winsxs\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_ed68ab77ca33fe56\user32.dll.mui
    [2009-08-03 09:11] - [2009-08-03 09:11] - 0019968 ____A (Microsoft Corporation) 7F44160E679FD0BEEAF25BFE04553CCD

    C:\Windows\winsxs\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a44793c3792f02af\user32.dll.mui
    [2009-07-13 21:35] - [2009-07-13 18:03] - 0017920 ____A (Microsoft Corporation) D448B52149F95F1250100F9BD0ED7152

    C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6

    C:\Windows\winsxs\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_e314012595d33c5b\user32.dll.mui
    [2009-08-03 09:11] - [2009-08-03 09:11] - 0019968 ____A (Microsoft Corporation) 688BA0F29CA43CF339CDF4893237AB40

    C:\Windows\winsxs\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_en-us_99f2e97144ce40b4\user32.dll.mui
    [2009-07-13 21:35] - [2009-07-13 18:26] - 0017920 ____A (Microsoft Corporation) 7CA57982056C7BCED0B96A892F595802

    C:\Windows\SysWOW64\user32.dll
    [2009-07-13 15:24] - [2010-04-07 22:01] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

    C:\Windows\SysWOW64\user32.dll.bak
    [2009-07-13 15:24] - [2009-07-13 17:11] - 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0

    C:\Windows\SysWOW64\ru-RU\user32.dll.mui
    [2009-08-03 09:11] - [2009-08-03 09:11] - 0019968 ____A (Microsoft Corporation) 7F44160E679FD0BEEAF25BFE04553CCD

    C:\Windows\SysWOW64\en-US\user32.dll.mui
    [2009-07-13 21:35] - [2009-07-13 18:03] - 0017920 ____A (Microsoft Corporation) D448B52149F95F1250100F9BD0ED7152

    C:\Windows\System32\user32.dll
    [2009-07-13 15:38] - [2010-04-07 22:01] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

    C:\Windows\System32\user32.dll.bak
    [2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6

    C:\Windows\System32\ru-RU\user32.dll.mui
    [2009-08-03 09:11] - [2009-08-03 09:11] - 0019968 ____A (Microsoft Corporation) 688BA0F29CA43CF339CDF4893237AB40

    C:\Windows\System32\en-US\user32.dll.mui
    [2009-07-13 21:35] - [2009-07-13 18:26] - 0017920 ____A (Microsoft Corporation) 7CA57982056C7BCED0B96A892F595802

    ====== End Of Search ======
     
  10. Glaswegian

    Glaswegian Malware Specialist

    Hi again

    Thanks for that log – now we can try replacing those files.


    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt.

    Plug the flashdrive into the infected PC.

    Code:
    Replace: C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll C:\Windows\SysWOW64\user32.dll 
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll C:\Windows\System32\user32.dll 

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
     
  11. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
    Ran by SYSTEM at 2012-05-01 14:12:42 R:2
    Running from G:\

    ==============================================

    C:\Windows\SysWOW64\user32.dll moved successfully.
    C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll copied successfully to C:\Windows\SysWOW64\user32.dll
    C:\Windows\System32\user32.dll moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll copied successfully to C:\Windows\System32\user32.dll

    ==== End of Fixlog ====


    Hi. Could my other 2 PCs be infected if they're on the same network? They're not redirecting or anything. Just wondering. Thanks!
     
  12. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    Hi again

    How is your system running now?

    The other 2 could be infected but if there are no symptoms then it's unlikely they have caught anything.
     
  13. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    I'll have to see. I'll let you know. Thanks!
     
  14. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    Still redirecting. : (
     
  15. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    Hi again

    Please download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

    Execute TDSSKiller.exe by double-clicking on it. Press Start Scan.


    • If Malicious objects are found, ensure Cure is selected (it should be by default)


    • Click Continue then click Reboot now


    • Once complete, a log will be produced at the root drive which is typically C:\

      For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

    Please attach that log.
     
Short URL to this thread: https://techguy.org/1042798