TechSpot

Another sireref/MSE/auto-reboot case

By StevenM1988
Jul 30, 2012
Windows Vista, 32-bit. The laptop boots up, MSE detects two potential threats, followed by "Windows has encountered a critical error and will close in one minute".

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 30-07-2012 12:47:46
    Running from D:\
    Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [] [x]
    HKLM\...\Run: [WTClient] WTClient.exe [x]
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [138008 1999-12-31] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171288 1999-12-31] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [172824 1999-12-31] (Intel Corporation)
    HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
    HKLM\...\Run: [Skytel] Skytel.exe [x]
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKU\Administrator\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2009-02-18] (Google Inc.)
    HKU\kid\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\kid\...\Run: [lbrog] "C:\Windows\System32\rundll32.exe" "C:\Users\kid\AppData\Roaming\lbrog.dll",WriteObjectToFile [432128 2012-07-28] (Stardock Systems, Inc)
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    ================================ Services (Whitelisted) ==================

    2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
    2 gupdate1ca5b029d5ed4ea; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-11-01] (Google Inc.)
    2 OsdService; C:\Program Files\OEM\OSD_2.4\OsdService.exe [94208 2008-02-22] (TODO: <????>)
    2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-07-05] (Skype Technologies S.A.)
    2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-05-02] (Skype Technologies)
    2 sprtsvc_TalkTalk; "C:\Program Files\TalkTalk\bin\sprtsvc.exe" /service /p TalkTalk [202016 2007-10-12] (SupportSoft, Inc.)
    3 SupportSoft RemoteAssist; C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe [382320 2007-08-02] (SupportSoft, Inc.)
    2 tgsrvc_TalkTalk; "C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe" /p TalkTalk [148768 2007-08-02] (SupportSoft, Inc.)
    2 WinTabService; "C:\Windows\System32\Drivers\WTSRV.EXE" [69632 2008-06-16] (Tablet Driver)
    2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
    3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

    ========================== Drivers (Whitelisted) =============

    3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [27504 2010-01-25] (Windows (R) Win 7 DDK provider)
    3 GpdDevDPort; \??\C:\Windows\system32\directport.sys [7168 2008-06-17] ()
    3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [127488 1999-12-31] (Intel(R) Corporation)
    3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-20] (Microsoft Corporation)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 PTSimBus; C:\Windows\System32\DRIVERS\PTSimBus.sys [18944 2007-06-07] (PenTablet Driver)
    3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [344576 1999-12-31] (Realtek Semiconductor Corporation )
    3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2012-07-30] ()
    3 GpdKbFilter; \??\C:\Windows\system32\kbfiltr.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    3 PTSimHid; "%SystemRoot%\System32\Drivers\PTSimHid.sys" [x]
    3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [x]
    3 TClass2k; "%SystemRoot%\System32\Drivers\TClass2k.sys" [x]
    3 UCTblHid; "%SystemRoot%\System32\Drivers\UCTblHid.sys" [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-30 12:47 - 2012-07-30 12:47 - 00000000 ___DC C:\FRST
    2012-07-30 03:03 - 2012-07-30 03:03 - 00001945 ___AC C:\Windows\epplauncher.mif
    2012-07-30 03:02 - 2012-07-30 03:03 - 00000000 ___DC C:\Program Files\Microsoft Security Client
    2012-07-30 02:45 - 2012-07-30 02:45 - 00012872 ___AC (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
    2012-07-28 12:50 - 2012-07-28 12:50 - 00000000 _SHDC C:\Windows\System32\%APPDATA%
    2012-07-28 12:46 - 2012-07-28 12:46 - 00432128 ___AC (Stardock Systems, Inc) C:\Users\kid\AppData\Roaming\lbrog.dll
    2012-07-28 12:45 - 2012-07-30 02:28 - 00000000 ___DC C:\Users\kid\AppData\Roaming\Naiwa
    2012-07-28 12:45 - 2012-07-28 12:49 - 00000000 ___DC C:\Users\kid\AppData\Roaming\Yfanon
    2012-07-28 12:45 - 2012-07-28 12:45 - 00000000 ___DC C:\Users\kid\AppData\Roaming\Agamx
    2012-07-28 01:21 - 2012-07-28 01:22 - 08669472 ___AC (Microsoft Corporation) C:\Users\kid\Downloads\Windows7UpgradeAdvisorSetup.exe
    2012-07-27 19:56 - 2012-07-27 19:56 - 00000000 ___DC C:\Users\kid\Desktop\My CD Backup DO NOT DELETE
    2012-07-27 15:04 - 2012-07-27 15:04 - 18831496 ___AC (SUPERAntiSpyware.com) C:\Users\kid\Downloads\SUPERAntiSpyware (1).exe
    2012-07-27 15:03 - 2012-07-27 15:04 - 18831496 ___AC (SUPERAntiSpyware.com) C:\Users\kid\Downloads\SUPERAntiSpyware.exe
    2012-07-27 05:57 - 2012-03-01 06:46 - 00219648 ___AC (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
    2012-07-27 05:57 - 2012-03-01 06:46 - 00160768 ___AC (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2012-07-27 05:57 - 2012-02-29 06:08 - 01172480 ___AC (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2012-07-27 05:57 - 2012-02-29 05:44 - 00683008 ___AC (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2012-07-27 05:57 - 2012-02-29 05:41 - 01069056 ___AC (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2012-07-27 05:57 - 2011-03-12 13:55 - 00876032 ___AC (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
    2012-07-27 05:25 - 2012-07-27 05:25 - 00000000 __AHC C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2012-07-27 05:25 - 2012-07-27 05:25 - 00000000 __AHC C:\Windows\System32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
    2012-07-27 05:25 - 2012-07-27 05:25 - 00000000 ___DC C:\Program Files\Windows Portable Devices
    2012-07-27 05:07 - 2012-06-13 05:40 - 02047488 ___AC (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-27 05:06 - 2009-09-09 18:01 - 03023360 ___AC (Microsoft Corporation) C:\Windows\System32\UIRibbon.dll
    2012-07-27 05:06 - 2009-09-09 18:00 - 01164800 ___AC (Microsoft Corporation) C:\Windows\System32\UIRibbonRes.dll
    2012-07-27 05:06 - 2009-09-09 18:00 - 00092672 ___AC (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
    2012-07-27 05:04 - 2009-09-30 17:02 - 02537472 ___AC (Microsoft Corporation) C:\Windows\System32\wpdshext.dll
    2012-07-27 05:04 - 2009-09-30 17:02 - 00334848 ___AC (Microsoft Corporation) C:\Windows\System32\PortableDeviceApi.dll
    2012-07-27 05:04 - 2009-09-30 17:02 - 00087552 ___AC (Microsoft Corporation) C:\Windows\System32\WPDShServiceObj.dll
    2012-07-27 05:04 - 2009-09-30 17:02 - 00031232 ___AC (Microsoft Corporation) C:\Windows\System32\BthMtpContextHandler.dll
    2012-07-27 05:04 - 2009-09-30 17:02 - 00030208 ___AC (Microsoft Corporation) C:\Windows\System32\WPDShextAutoplay.exe
    2012-07-27 05:04 - 2009-09-30 17:01 - 00546816 ___AC (Microsoft Corporation) C:\Windows\System32\wpd_ci.dll
    2012-07-27 05:04 - 2009-09-30 17:01 - 00350208 ___AC (Microsoft Corporation) C:\Windows\System32\WPDSp.dll
    2012-07-27 05:04 - 2009-09-30 17:01 - 00226816 ___AC (Microsoft Corporation) C:\Windows\System32\WpdMtp.dll
    2012-07-27 05:04 - 2009-09-30 17:01 - 00196608 ___AC (Microsoft Corporation) C:\Windows\System32\PortableDeviceWMDRM.dll
    2012-07-27 05:04 - 2009-09-30 17:01 - 00160256 ___AC (Microsoft Corporation) C:\Windows\System32\PortableDeviceTypes.dll
    2012-07-27 05:04 - 2009-09-30 17:01 - 00100864 ___AC (Microsoft Corporation) C:\Windows\System32\PortableDeviceClassExtension.dll
    2012-07-27 05:04 - 2009-09-30 17:01 - 00081920 ___AC (Microsoft Corporation) C:\Windows\System32\wpdbusenum.dll
    2012-07-27 05:04 - 2009-09-30 17:01 - 00061952 ___AC (Microsoft Corporation) C:\Windows\System32\WpdMtpUS.dll
    2012-07-27 05:04 - 2009-09-30 17:01 - 00060928 ___AC (Microsoft Corporation) C:\Windows\System32\PortableDeviceConnectApi.dll
    2012-07-27 05:04 - 2009-09-30 17:01 - 00040448 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\WpdUsb.sys
    2012-07-27 05:04 - 2009-09-30 17:01 - 00033280 ___AC (Microsoft Corporation) C:\Windows\System32\WpdConns.dll
    2012-07-27 04:49 - 2012-02-29 07:11 - 00172032 ___AC (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-07-27 04:49 - 2012-02-29 07:11 - 00005120 ___AC (Microsoft Corporation) C:\Windows\System32\wmi.dll
    2012-07-27 04:49 - 2012-02-29 07:09 - 00157696 ___AC (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
    2012-07-27 04:49 - 2012-02-29 05:32 - 00012800 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
    2012-07-27 04:35 - 2012-07-27 04:35 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-07-27 04:35 - 2012-07-27 04:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-27 04:35 - 2012-07-27 04:35 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-27 04:35 - 2012-07-27 04:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-07-27 04:35 - 2012-07-27 04:35 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-07-27 04:35 - 2012-07-27 04:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-07-27 04:35 - 2012-07-27 04:35 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-27 04:35 - 2012-07-27 04:35 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-07-27 04:35 - 2012-07-27 04:35 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-07-27 04:35 - 2012-07-27 04:35 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-07-27 04:35 - 2012-07-27 04:35 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-07-27 04:35 - 2012-07-27 04:35 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-07-27 04:35 - 2012-07-27 04:35 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-07-27 04:34 - 2012-07-27 04:34 - 02873344 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 01554432 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 01075712 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 01029120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00979456 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00847360 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00667648 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
    2012-07-27 04:34 - 2012-07-27 04:34 - 00638336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2012-07-27 04:34 - 2012-07-27 04:34 - 00586240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00486400 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00478720 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00357376 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00302592 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00261632 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
    2012-07-27 04:34 - 2012-07-27 04:34 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
    2012-07-27 04:32 - 2012-07-27 04:32 - 00974848 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2012-07-27 04:32 - 2012-07-27 04:32 - 00519680 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
    2012-07-27 04:32 - 2012-07-27 04:32 - 00369664 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
    2012-07-27 04:32 - 2012-07-27 04:32 - 00321024 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
    2012-07-27 04:32 - 2012-07-27 04:32 - 00252928 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
    2012-07-27 04:32 - 2012-07-27 04:32 - 00195584 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
    2012-07-27 04:32 - 2012-07-27 04:32 - 00189440 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
    2012-07-27 04:30 - 2012-07-27 04:36 - 00004020 ___AC C:\Windows\IE9_main.log
    2012-07-27 04:14 - 2009-03-08 03:34 - 00208384 ___AC (Microsoft Corporation) C:\Windows\System32\WinFXDocObj.exe
    2012-07-27 03:54 - 2012-04-23 08:00 - 00984064 ___AC (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-07-27 03:54 - 2012-04-23 08:00 - 00133120 ___AC (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-07-27 03:54 - 2012-04-23 08:00 - 00098304 ___AC (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-07-27 03:54 - 2011-10-14 08:03 - 00189952 ___AC (Microsoft Corporation) C:\Windows\System32\winmm.dll
    2012-07-27 03:54 - 2011-10-14 08:00 - 00023552 ___AC (Microsoft Corporation) C:\Windows\System32\mciseq.dll
    2012-07-27 03:53 - 2012-06-08 09:47 - 11586048 ___AC (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-27 03:53 - 2011-11-18 12:23 - 01205064 ___AC (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2012-07-27 03:53 - 2011-11-18 12:23 - 00000000 _SHDC C:\Users\kid\AppData\Local\{65e99947-af8d-6d36-4f49-167098a3bcf0}
    2012-07-27 03:52 - 2012-03-30 04:39 - 00905600 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-07-27 03:52 - 2012-03-20 15:28 - 00053120 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-07-27 03:52 - 2011-10-14 08:02 - 00429056 ___AC (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2012-07-27 03:52 - 2011-08-02 18:50 - 00443392 ___AC (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
    2012-07-27 03:52 - 2011-08-02 18:50 - 00096768 ___AC (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
    2012-07-27 03:52 - 2011-08-02 18:49 - 00151552 ___AC (Microsoft Corporation) C:\Windows\System32\MSNP.ax
    2012-07-27 03:52 - 2011-08-02 18:49 - 00069632 ___AC (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
    2012-07-27 03:52 - 2011-08-02 18:49 - 00057856 ___AC (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
    2012-07-27 03:51 - 2011-12-14 08:17 - 00680448 ___AC (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
    2012-07-27 03:51 - 2011-11-25 07:59 - 00376320 ___AC (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-07-27 03:51 - 2011-11-18 09:47 - 00066560 ___AC (Microsoft Corporation) C:\Windows\System32\packager.dll
    2012-07-27 03:51 - 2011-02-22 06:13 - 00288768 ___AC (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2012-07-27 03:51 - 2011-02-22 05:33 - 00797696 ___AC (Microsoft Corporation) C:\Windows\System32\FntCache.dll
    2012-07-27 03:50 - 2011-11-16 08:23 - 00377344 ___AC (Microsoft Corporation) C:\Windows\System32\winhttp.dll
    2012-07-27 03:50 - 2011-11-08 06:42 - 00002048 ___AC (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-07-27 03:50 - 2011-10-25 07:58 - 01314816 ___AC (Microsoft Corporation) C:\Windows\System32\quartz.dll
    2012-07-27 03:50 - 2011-10-25 07:58 - 00497152 ___AC (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-07-27 03:50 - 2011-10-25 07:56 - 00049152 ___AC (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2012-07-27 03:49 - 2012-06-05 08:47 - 01401856 ___AC (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-27 03:49 - 2012-06-05 08:47 - 01248768 ___AC (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-27 03:49 - 2012-05-01 06:03 - 00180736 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-07-27 03:49 - 2012-04-03 00:16 - 03602816 ___AC (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-07-27 03:49 - 2012-04-03 00:16 - 03550080 ___AC (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-07-27 03:49 - 2011-08-25 08:15 - 00555520 ___AC (Microsoft Corporation) C:\Windows\System32\UIAutomationCore.dll
    2012-07-27 03:49 - 2011-08-25 08:14 - 00563712 ___AC (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2012-07-27 03:49 - 2011-08-25 08:14 - 00238080 ___AC (Microsoft Corporation) C:\Windows\System32\oleacc.dll
    2012-07-27 03:49 - 2011-08-25 05:31 - 00004096 ___AC (Microsoft Corporation) C:\Windows\System32\oleaccrc.dll
    2012-07-27 03:49 - 2011-06-15 08:12 - 00182784 ___AC (Microsoft Corporation) C:\Windows\System32\xmllite.dll
    2012-07-27 03:47 - 2012-06-04 07:26 - 00440704 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-27 03:47 - 2012-06-01 16:04 - 00278528 ___AC (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-27 03:47 - 2012-06-01 16:03 - 00204288 ___AC (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-27 03:47 - 2011-11-16 08:23 - 00072704 ___AC (Microsoft Corporation) C:\Windows\System32\secur32.dll
    2012-07-27 03:47 - 2011-11-16 08:21 - 01259008 ___AC (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2012-07-27 03:47 - 2011-11-16 06:12 - 00009728 ___AC (Microsoft Corporation) C:\Windows\System32\lsass.exe
    2012-07-27 03:47 - 2010-05-04 11:13 - 00231424 ___AC (Microsoft Corporation) C:\Windows\System32\msshsq.dll
    2012-07-27 03:26 - 2012-01-09 07:54 - 00613376 ___AC (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
    2012-07-27 03:07 - 2012-06-02 14:19 - 01933848 ___AC (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-07-27 03:07 - 2012-06-02 14:19 - 00577048 ___AC (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-07-27 03:07 - 2012-06-02 14:19 - 00053784 ___AC (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-07-27 03:07 - 2012-06-02 14:19 - 00045080 ___AC (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-07-27 03:07 - 2012-06-02 14:19 - 00035864 ___AC (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-07-27 03:07 - 2012-06-02 14:12 - 02422272 ___AC (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-07-27 03:07 - 2012-06-02 14:12 - 00088576 ___AC (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-07-27 03:07 - 2012-06-02 06:19 - 00171904 ___AC (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-07-27 03:07 - 2012-06-02 06:12 - 00033792 ___AC (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-07-26 10:33 - 2012-07-26 10:34 - 01448809 ___AC (DOSBox Team) C:\Users\kid\Downloads\DOSBox0.74-win32-installer.exe
    2012-07-26 10:33 - 2012-07-26 10:33 - 00096608 ___AC C:\Users\kid\Downloads\bman10.zip
    2012-07-26 08:29 - 2012-07-26 08:30 - 00000000 ___DC C:\Windows\System32\vi-VN
    2012-07-26 08:29 - 2012-07-26 08:30 - 00000000 ___DC C:\Windows\System32\eu-ES
    2012-07-26 08:29 - 2012-07-26 08:30 - 00000000 ___DC C:\Windows\System32\ca-ES
    2012-07-26 07:53 - 2012-07-26 07:53 - 00000000 ___DC C:\Program Files\AVAST Software
    2012-07-26 07:52 - 2012-07-26 07:52 - 00000000 ___DC C:\Windows\System32\EventProviders
    2012-07-26 06:35 - 2012-07-26 06:35 - 00000000 ___DC C:\Windows\System32\sda
    2012-07-26 06:35 - 1999-12-31 16:00 - 09112168 ___AC (Realtek Semiconductor Corp.) C:\Windows\System32\RtsUStoricon.dll
    2012-07-26 06:35 - 1999-12-31 16:00 - 00313960 ___AC (Realtek Semiconductor Corp.) C:\Windows\System32\RtsUStor.dll
    2012-07-26 06:35 - 1999-12-31 16:00 - 00193640 ___AC (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsUStor.sys
    2012-07-26 06:32 - 2009-02-11 08:11 - 00329752 ___AC (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys
    2012-07-26 06:31 - 2012-07-26 06:31 - 00000000 ___DC C:\Users\kid\AppData\Roaming\InstallShield
    2012-07-26 06:29 - 2012-07-26 09:37 - 00000000 ___DC C:\Windows\pss
    2012-07-26 06:22 - 2012-07-27 17:19 - 00000370 ___AC C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2012-07-26 05:49 - 2012-07-26 05:50 - 00000000 ___DC C:\Program Files\Cisco
    2012-07-26 05:47 - 1999-12-31 16:00 - 00614400 ___AC (Realtek Semiconductor Corp. ) C:\Windows\Rtlihvs.dll
    2012-07-26 05:47 - 1999-12-31 16:00 - 00380928 ___AC (Realtek) C:\Windows\RtlUI2.exe
    2012-07-26 05:47 - 1999-12-31 16:00 - 00188416 ___AC (Realtek Semiconductor Corp. ) C:\Windows\RTLExtUI.dll
    2012-07-26 05:46 - 2012-07-26 05:48 - 00000000 ___DC C:\Program Files\REALTEK RTL8187SE Wireless LAN Driver
    2012-07-26 05:46 - 2009-02-04 17:49 - 00451072 ___AC C:\Windows\System32\ISSRemoveSP.exe
    2012-07-26 05:46 - 1999-12-31 16:00 - 00614400 ___AC (Realtek Semiconductor Corp. ) C:\Windows\System32\Rtlihvs.dll
    2012-07-26 05:46 - 1999-12-31 16:00 - 00380928 ___AC (Realtek) C:\Windows\System32\RtlUI2.exe
    2012-07-26 05:46 - 1999-12-31 16:00 - 00188416 ___AC (Realtek Semiconductor Corp. ) C:\Windows\System32\RTLExtUI.dll
    2012-07-26 05:38 - 1999-12-31 16:00 - 00363112 ___AC (Realtek ) C:\Windows\System32\Drivers\Rtlh86.sys
    2012-07-26 05:38 - 1999-12-31 16:00 - 00100896 ___AC (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst32.dll
    2012-07-26 05:38 - 1999-12-31 16:00 - 00080488 ___AC (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp32.dll
    2012-07-26 05:27 - 1999-12-31 16:00 - 11405312 ___AC (Intel Corporation) C:\Windows\System32\ig4icd32.dll
    2012-07-26 05:27 - 1999-12-31 16:00 - 09037312 ___AC (Intel Corporation) C:\Windows\System32\Drivers\igdkmd32.sys
    2012-07-26 05:27 - 1999-12-31 16:00 - 08198936 ___AC (Intel(R) Corporation) C:\Windows\System32\TVWSetup.exe
    2012-07-26 05:27 - 1999-12-31 16:00 - 04411392 ___AC (Intel Corporation) C:\Windows\System32\igd10umd32.dll
    2012-07-26 05:27 - 1999-12-31 16:00 - 03157784 ___AC (Intel Corporation) C:\Windows\System32\GfxUI.exe
    2012-07-26 05:27 - 1999-12-31 16:00 - 00208896 ___AC (Intel Corporation) C:\Windows\System32\iglhsip32.dll
    2012-07-26 05:27 - 1999-12-31 16:00 - 00195584 ___AC (Intel Corporation) C:\Windows\System32\igfxpph.dll
    2012-07-26 05:27 - 1999-12-31 16:00 - 00179480 ___AC (Intel Corporation) C:\Windows\System32\igfxext.exe
    2012-07-26 05:27 - 1999-12-31 16:00 - 00147456 ___AC (Intel Corporation) C:\Windows\System32\iglhcp32.dll
    2012-07-26 05:27 - 1999-12-31 16:00 - 00130048 ___AC (Intel Corporation) C:\Windows\System32\igfxdo.dll
    2012-07-26 05:27 - 1999-12-31 16:00 - 00127488 ___AC (Intel(R) Corporation) C:\Windows\System32\Drivers\IntcHdmi.sys
    2012-07-26 05:27 - 1999-12-31 16:00 - 00120320 ___AC (Intel Corporation) C:\Windows\System32\gfxSrvc.dll
    2012-07-26 05:27 - 1999-12-31 16:00 - 00081920 ___AC (Intel Corporation) C:\Windows\System32\igfxCoIn_v2555.dll
    2012-07-26 05:27 - 1999-12-31 16:00 - 00023552 ___AC (Intel Corporation) C:\Windows\System32\igfxexps.dll
    2012-07-26 05:27 - 1999-12-31 16:00 - 00004096 ___AC ( ) C:\Windows\System32\IGFXDEVLib.dll
    2012-07-26 05:26 - 1999-12-31 16:00 - 00189552 ___AC C:\Windows\System32\Gfxres.th-TH.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00178407 ___AC C:\Windows\System32\Gfxres.el-GR.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00165395 ___AC C:\Windows\System32\Gfxres.ru-RU.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00139909 ___AC C:\Windows\System32\Gfxres.ar-SA.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00136401 ___AC C:\Windows\System32\Gfxres.ja-JP.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00133746 ___AC C:\Windows\System32\Gfxres.he-IL.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00125558 ___AC C:\Windows\System32\Gfxres.it-IT.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00123230 ___AC C:\Windows\System32\Gfxres.ko-KR.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00122927 ___AC C:\Windows\System32\Gfxres.es-ES.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00122709 ___AC C:\Windows\System32\Gfxres.de-DE.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00121173 ___AC C:\Windows\System32\Gfxres.tr-TR.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00120800 ___AC C:\Windows\System32\Gfxres.fr-FR.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00120366 ___AC C:\Windows\System32\Gfxres.pt-BR.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00119616 ___AC C:\Windows\System32\Gfxres.hu-HU.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00119586 ___AC C:\Windows\System32\Gfxres.nl-NL.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00119360 ___AC C:\Windows\System32\Gfxres.sv-SE.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00119067 ___AC C:\Windows\System32\Gfxres.pt-PT.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00118745 ___AC C:\Windows\System32\Gfxres.cs-CZ.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00118697 ___AC C:\Windows\System32\Gfxres.fi-FI.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00118409 ___AC C:\Windows\System32\Gfxres.pl-PL.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00118058 ___AC C:\Windows\System32\Gfxres.sk-SK.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00115200 ___AC (Intel Corporation) C:\Windows\System32\igfxcpl.cpl
    2012-07-26 05:26 - 1999-12-31 16:00 - 00114852 ___AC C:\Windows\System32\Gfxres.nb-NO.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00114372 ___AC C:\Windows\System32\Gfxres.sl-SI.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00114261 ___AC C:\Windows\System32\Gfxres.da-DK.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00110214 ___AC C:\Windows\System32\Gfxres.en-US.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00104044 ___AC C:\Windows\System32\Gfxres.zh-TW.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00102883 ___AC C:\Windows\System32\Gfxres.zh-CN.resources
    2012-07-26 05:26 - 1999-12-31 16:00 - 00086528 ___AC (Intel Corporation) C:\Windows\System32\igfxrfra.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00086528 ___AC (Intel Corporation) C:\Windows\System32\igfxresn.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00086528 ___AC (Intel Corporation) C:\Windows\System32\igfxrell.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00086016 ___AC (Intel Corporation) C:\Windows\System32\igfxrsky.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00086016 ___AC (Intel Corporation) C:\Windows\System32\igfxrrus.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00086016 ___AC (Intel Corporation) C:\Windows\System32\igfxrptg.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00086016 ___AC (Intel Corporation) C:\Windows\System32\igfxrplk.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00086016 ___AC (Intel Corporation) C:\Windows\System32\igfxrnld.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00086016 ___AC (Intel Corporation) C:\Windows\System32\igfxrita.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00086016 ___AC (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00085504 ___AC (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00085504 ___AC (Intel Corporation) C:\Windows\System32\igfxrsve.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00085504 ___AC (Intel Corporation) C:\Windows\System32\igfxrslv.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00085504 ___AC (Intel Corporation) C:\Windows\System32\igfxrptb.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00085504 ___AC (Intel Corporation) C:\Windows\System32\igfxrnor.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00085504 ___AC (Intel Corporation) C:\Windows\System32\igfxrhun.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00085504 ___AC (Intel Corporation) C:\Windows\System32\igfxrfin.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00085504 ___AC (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00084992 ___AC (Intel Corporation) C:\Windows\System32\igfxrtha.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00084992 ___AC (Intel Corporation) C:\Windows\System32\igfxrdan.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00084480 ___AC (Intel Corporation) C:\Windows\System32\igfxrheb.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00084480 ___AC (Intel Corporation) C:\Windows\System32\igfxrara.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00082944 ___AC (Intel Corporation) C:\Windows\System32\igfxrkor.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00082944 ___AC (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00081920 ___AC (Intel Corporation) C:\Windows\System32\igfxrcht.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00081920 ___AC (Intel Corporation) C:\Windows\System32\igfxrchs.lrc
    2012-07-26 05:26 - 1999-12-31 16:00 - 00051628 ___AC C:\Windows\System32\iglhxs32.vp
    2012-07-26 05:22 - 2012-07-30 03:39 - 00000382 ___AC C:\Windows\Tasks\SlimDrivers Startup.job
    2012-07-26 05:22 - 2012-07-30 03:38 - 00013024 ___AC C:\Windows\System32\Drivers\SWDUMon.sys
    2012-07-26 05:22 - 2012-07-26 05:22 - 00000000 ___DC C:\Users\Public\Documents\Downloaded Installers
    2012-07-26 05:22 - 2012-07-26 05:22 - 00000000 ___DC C:\Users\kid\AppData\Local\SlimWare Utilities Inc
    2012-07-26 05:09 - 2012-07-26 05:10 - 00604032 ___AC (SlimWare Utilities, Inc.) C:\Users\kid\Downloads\slimdrivers-setup.exe
    2012-07-26 01:27 - 2012-07-26 01:27 - 00773918 ___AC C:\Users\kid\Downloads\memtest86-4.0s.iso.zip
    2012-07-26 01:20 - 2012-07-26 01:20 - 00077052 ___AC C:\Users\kid\Downloads\memtest35b.zip
    2012-07-26 01:12 - 2012-07-26 01:13 - 01995120 ___AC (PC Drivers HeadQuarters) C:\Users\kid\Downloads\DriverDetective.exe
    2012-07-25 11:47 - 2012-07-25 11:48 - 01144963 ___AC C:\Users\kid\Downloads\ProcessExplorer.zip
    2012-07-24 18:37 - 2012-07-24 18:37 - 00127860 ___AC C:\Users\kid\Downloads\memtest86+-4.20.usb.installer.zip
    2012-07-24 18:02 - 2012-07-24 18:02 - 00012024 ___AC C:\Users\kid\Downloads\libusb0.zip
    2012-07-24 17:55 - 2012-07-24 17:55 - 00250482 ___AC C:\Users\kid\Downloads\spfclean.exe
    2012-07-24 17:52 - 2012-07-24 17:52 - 00662858 ___AC C:\Users\kid\Downloads\VClean.exe
    2012-07-24 17:46 - 2012-07-24 17:46 - 00000249 ___AC C:\Users\kid\Downloads\SafeMode.txt
    2012-07-24 14:06 - 2012-07-25 16:04 - 00000000 ___DC C:\Users\kid\AppData\Roaming\X-Chat 2
    2012-07-24 14:02 - 2012-07-24 14:03 - 00000000 ___DC C:\Users\kid\AppData\Roaming\HexChat
    2012-07-24 13:49 - 2012-07-30 01:14 - 00000370 ___AC C:\rkill.log
    2012-07-24 09:34 - 2012-07-24 09:34 - 00000000 ___DC C:\Users\kid\AppData\Roaming\Media Player Classic
    2012-07-24 09:33 - 2012-07-24 09:33 - 00001675 ___AC C:\Users\kid\Desktop\MPC-HC.lnk
    2012-07-24 09:33 - 2012-07-24 09:33 - 00000000 ___DC C:\Program Files\MPC-HC
    2012-07-24 09:33 - 2012-05-26 03:36 - 00178176 ___AC C:\Windows\System32\unrar.dll
    2012-07-24 07:49 - 2012-07-24 07:49 - 00141616 ___AC C:\Windows\Minidump\Mini072412-01.dmp
    2012-07-24 04:23 - 2012-07-24 04:23 - 00000911 ___AC C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-06 09:38 - 2012-07-06 09:38 - 00000000 __HDC C:\Windows\msdownld.tmp
    2012-07-06 09:18 - 2012-07-06 09:18 - 00000215 ___AC C:\Users\kid\Desktop\The Maw.url
    2012-07-06 09:06 - 2010-06-01 19:55 - 00527192 ___AC (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
    2012-07-06 09:06 - 2010-06-01 19:55 - 00239960 ___AC (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
    2012-07-06 09:06 - 2010-06-01 19:55 - 00074072 ___AC (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
    2012-07-06 09:06 - 2010-05-26 02:41 - 02106216 ___AC (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
    2012-07-06 09:06 - 2010-05-26 02:41 - 01998168 ___AC (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
    2012-07-06 09:06 - 2010-05-26 02:41 - 01868128 ___AC (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
    2012-07-06 09:06 - 2010-05-26 02:41 - 00470880 ___AC (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
    2012-07-06 09:06 - 2010-05-26 02:41 - 00248672 ___AC (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
    2012-07-06 09:06 - 2010-02-04 01:01 - 00528216 ___AC (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
    2012-07-06 09:06 - 2010-02-04 01:01 - 00238936 ___AC (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
    2012-07-06 09:06 - 2010-02-04 01:01 - 00074072 ___AC (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
    2012-07-06 09:06 - 2010-02-04 01:01 - 00022360 ___AC (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
    2012-07-06 09:06 - 2009-09-04 08:44 - 00515416 ___AC (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
    2012-07-06 09:06 - 2009-09-04 08:44 - 00238936 ___AC (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
    2012-07-06 09:06 - 2009-09-04 08:44 - 00069464 ___AC (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
    2012-07-06 09:06 - 2009-09-04 08:29 - 05501792 ___AC (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
    2012-07-06 09:06 - 2009-09-04 08:29 - 01974616 ___AC (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
    2012-07-06 09:06 - 2009-09-04 08:29 - 00453456 ___AC (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
    2012-07-06 09:06 - 2009-09-04 08:29 - 00235344 ___AC (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
    2012-07-06 09:06 - 2009-03-16 05:18 - 00517448 ___AC (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
    2012-07-06 09:06 - 2009-03-16 05:18 - 00235352 ___AC (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
    2012-07-06 09:06 - 2009-03-16 05:18 - 00022360 ___AC (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
    2012-07-06 09:06 - 2009-03-09 06:27 - 04178264 ___AC (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
    2012-07-06 09:06 - 2009-03-09 06:27 - 01846632 ___AC (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
    2012-07-06 09:06 - 2009-03-09 06:27 - 00453456 ___AC (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
    2012-07-06 09:06 - 2008-10-27 01:04 - 00514384 ___AC (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
    2012-07-06 09:06 - 2008-10-27 01:04 - 00235856 ___AC (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
    2012-07-06 09:06 - 2008-10-27 01:04 - 00070992 ___AC (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
    2012-07-06 09:06 - 2008-10-27 01:04 - 00023376 ___AC (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
    2012-07-06 09:06 - 2008-10-14 21:22 - 04379984 ___AC (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
    2012-07-06 09:06 - 2008-10-14 21:22 - 02036576 ___AC (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
    2012-07-04 11:31 - 2012-07-04 11:31 - 00141640 ___AC C:\Windows\Minidump\Mini070412-01.dmp
    2012-07-01 23:20 - 2012-07-01 23:20 - 00141640 ___AC C:\Windows\Minidump\Mini070212-01.dmp
    2012-07-01 02:43 - 2012-07-01 02:44 - 00141640 ___AC C:\Windows\Minidump\Mini070112-01.dmp
     
  2. StevenM1988

    StevenM1988 TS Rookie Topic Starter

    ============ 3 Months Modified Files ========================

    2012-07-30 03:39 - 2012-07-26 05:22 - 00000382 ___AC C:\Windows\Tasks\SlimDrivers Startup.job
    2012-07-30 03:39 - 2006-11-02 05:01 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-30 03:39 - 2006-11-02 05:01 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
    2012-07-30 03:38 - 2012-07-26 05:22 - 00013024 ___AC C:\Windows\System32\Drivers\SWDUMon.sys
    2012-07-30 03:38 - 2012-05-13 04:51 - 00000830 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-30 03:38 - 2009-11-01 07:00 - 00000882 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-30 03:37 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-30 03:37 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-30 03:35 - 2012-05-09 07:41 - 00279552 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-30 03:12 - 2009-07-25 07:07 - 01312243 ___AC C:\Windows\WindowsUpdate.log
    2012-07-30 03:03 - 2012-07-30 03:03 - 00001945 ___AC C:\Windows\epplauncher.mif
    2012-07-30 03:02 - 2006-11-02 02:33 - 00712984 ___AC C:\Windows\System32\PerfStringBackup.INI
    2012-07-30 02:45 - 2012-07-30 02:45 - 00012872 ___AC (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
    2012-07-30 02:32 - 2008-01-20 18:47 - 00053036 ___AC C:\Windows\PFRO.log
    2012-07-30 01:14 - 2012-07-24 13:49 - 00000370 ___AC C:\rkill.log
    2012-07-28 12:46 - 2012-07-28 12:46 - 00432128 ___AC (Stardock Systems, Inc) C:\Users\kid\AppData\Roaming\lbrog.dll
    2012-07-28 10:11 - 2009-11-01 07:00 - 00000886 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-28 05:16 - 2011-09-30 14:06 - 00000918 ___AC C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2711639450-1393319144-3070271478-1000UA.job
    2012-07-28 01:22 - 2012-07-28 01:21 - 08669472 ___AC (Microsoft Corporation) C:\Users\kid\Downloads\Windows7UpgradeAdvisorSetup.exe
    2012-07-27 20:19 - 2009-10-21 13:54 - 00028672 ___AC C:\Users\kid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-27 17:19 - 2012-07-26 06:22 - 00000370 ___AC C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2012-07-27 15:04 - 2012-07-27 15:04 - 18831496 ___AC (SUPERAntiSpyware.com) C:\Users\kid\Downloads\SUPERAntiSpyware (1).exe
    2012-07-27 15:04 - 2012-07-27 15:03 - 18831496 ___AC (SUPERAntiSpyware.com) C:\Users\kid\Downloads\SUPERAntiSpyware.exe
    2012-07-27 14:43 - 2006-11-02 04:52 - 00183151 ___AC C:\Windows\setupact.log
    2012-07-27 11:16 - 2011-09-30 14:06 - 00000896 ___AC C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2711639450-1393319144-3070271478-1000Core.job
    2012-07-27 10:38 - 2012-05-13 04:51 - 00426184 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-07-27 10:38 - 2012-03-25 04:34 - 00070344 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-07-27 05:29 - 2006-11-02 04:47 - 00306808 ___AC C:\Windows\System32\FNTCACHE.DAT
    2012-07-27 05:28 - 2009-11-20 06:46 - 00205539 ___AC C:\aaw7boot.log
    2012-07-27 05:25 - 2012-07-27 05:25 - 00000000 __AHC C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2012-07-27 05:25 - 2012-07-27 05:25 - 00000000 __AHC C:\Windows\System32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
    2012-07-27 04:36 - 2012-07-27 04:30 - 00004020 ___AC C:\Windows\IE9_main.log
    2012-07-27 04:35 - 2012-07-27 04:35 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-07-27 04:35 - 2012-07-27 04:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-27 04:35 - 2012-07-27 04:35 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-27 04:35 - 2012-07-27 04:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-07-27 04:35 - 2012-07-27 04:35 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-07-27 04:35 - 2012-07-27 04:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-07-27 04:35 - 2012-07-27 04:35 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-27 04:35 - 2012-07-27 04:35 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-07-27 04:35 - 2012-07-27 04:35 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-07-27 04:35 - 2012-07-27 04:35 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-07-27 04:35 - 2012-07-27 04:35 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-07-27 04:35 - 2012-07-27 04:35 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-07-27 04:35 - 2012-07-27 04:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-07-27 04:35 - 2012-07-27 04:35 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-07-27 04:35 - 2006-11-01 22:32 - 00008798 ____A C:\Windows\System32\icrav03.rat
    2012-07-27 04:35 - 2006-11-01 22:32 - 00001988 ____A C:\Windows\System32\ticrf.rat
    2012-07-27 04:34 - 2012-07-27 04:34 - 02873344 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 01554432 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 01075712 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 01029120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00979456 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00847360 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00667648 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
    2012-07-27 04:34 - 2012-07-27 04:34 - 00638336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2012-07-27 04:34 - 2012-07-27 04:34 - 00586240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00486400 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00478720 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00357376 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00302592 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00261632 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
    2012-07-27 04:34 - 2012-07-27 04:34 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2012-07-27 04:34 - 2012-07-27 04:34 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
    2012-07-27 04:32 - 2012-07-27 04:32 - 00974848 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2012-07-27 04:32 - 2012-07-27 04:32 - 00519680 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
    2012-07-27 04:32 - 2012-07-27 04:32 - 00369664 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
    2012-07-27 04:32 - 2012-07-27 04:32 - 00321024 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
    2012-07-27 04:32 - 2012-07-27 04:32 - 00252928 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
    2012-07-27 04:32 - 2012-07-27 04:32 - 00195584 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
    2012-07-27 04:32 - 2012-07-27 04:32 - 00189440 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
    2012-07-26 10:34 - 2012-07-26 10:33 - 01448809 ___AC (DOSBox Team) C:\Users\kid\Downloads\DOSBox0.74-win32-installer.exe
    2012-07-26 10:33 - 2012-07-26 10:33 - 00096608 ___AC C:\Users\kid\Downloads\bman10.zip
    2012-07-26 08:46 - 2006-11-02 02:23 - 00002577 ___AC C:\Windows\System32\config.nt
    2012-07-26 06:23 - 2009-02-18 06:31 - 00016088 ___AC C:\Windows\System32\results.xml
    2012-07-26 05:10 - 2012-07-26 05:09 - 00604032 ___AC (SlimWare Utilities, Inc.) C:\Users\kid\Downloads\slimdrivers-setup.exe
    2012-07-26 01:27 - 2012-07-26 01:27 - 00773918 ___AC C:\Users\kid\Downloads\memtest86-4.0s.iso.zip
    2012-07-26 01:20 - 2012-07-26 01:20 - 00077052 ___AC C:\Users\kid\Downloads\memtest35b.zip
    2012-07-26 01:13 - 2012-07-26 01:12 - 01995120 ___AC (PC Drivers HeadQuarters) C:\Users\kid\Downloads\DriverDetective.exe
    2012-07-25 11:48 - 2012-07-25 11:47 - 01144963 ___AC C:\Users\kid\Downloads\ProcessExplorer.zip
    2012-07-24 18:37 - 2012-07-24 18:37 - 00127860 ___AC C:\Users\kid\Downloads\memtest86+-4.20.usb.installer.zip
    2012-07-24 18:02 - 2012-07-24 18:02 - 00012024 ___AC C:\Users\kid\Downloads\libusb0.zip
    2012-07-24 17:55 - 2012-07-24 17:55 - 00250482 ___AC C:\Users\kid\Downloads\spfclean.exe
    2012-07-24 17:52 - 2012-07-24 17:52 - 00662858 ___AC C:\Users\kid\Downloads\VClean.exe
    2012-07-24 17:46 - 2012-07-24 17:46 - 00000249 ___AC C:\Users\kid\Downloads\SafeMode.txt
    2012-07-24 16:48 - 2006-11-02 02:22 - 41418752 ____A C:\Windows\System32\config\software_previous
    2012-07-24 16:48 - 2006-11-02 02:22 - 19660800 ____A C:\Windows\System32\config\system_previous
    2012-07-24 16:45 - 2006-11-02 02:22 - 39059456 ____A C:\Windows\System32\config\components_previous
    2012-07-24 16:45 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
    2012-07-24 09:33 - 2012-07-24 09:33 - 00001675 ___AC C:\Users\kid\Desktop\MPC-HC.lnk
    2012-07-24 07:49 - 2012-07-24 07:49 - 00141616 ___AC C:\Windows\Minidump\Mini072412-01.dmp
    2012-07-24 07:49 - 2012-06-03 10:36 - 115672004 ____A C:\Windows\MEMORY.DMP
    2012-07-24 07:43 - 2006-11-02 02:22 - 04718592 ____A C:\Windows\System32\config\default_previous
    2012-07-24 07:43 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
    2012-07-24 04:23 - 2012-07-24 04:23 - 00000911 ___AC C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-12 12:15 - 2012-06-29 12:16 - 00001976 ___AC C:\Users\Public\Desktop\Google Chrome.lnk
    2012-07-11 13:09 - 2006-11-02 02:24 - 57442464 ___AC (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-07-06 09:18 - 2012-07-06 09:18 - 00000215 ___AC C:\Users\kid\Desktop\The Maw.url
    2012-07-04 11:31 - 2012-07-04 11:31 - 00141640 ___AC C:\Windows\Minidump\Mini070412-01.dmp
    2012-07-03 04:46 - 2010-05-12 14:55 - 00022344 ___AC (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-01 23:20 - 2012-07-01 23:20 - 00141640 ___AC C:\Windows\Minidump\Mini070212-01.dmp
    2012-07-01 02:44 - 2012-07-01 02:43 - 00141640 ___AC C:\Windows\Minidump\Mini070112-01.dmp
    2012-06-13 05:40 - 2012-07-27 05:07 - 02047488 ___AC (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-10 06:47 - 2012-06-10 06:46 - 00141640 ___AC C:\Windows\Minidump\Mini061012-01.dmp
    2012-06-08 09:47 - 2012-07-27 03:53 - 11586048 ___AC (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-05 08:47 - 2012-07-27 03:49 - 01401856 ___AC (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 08:47 - 2012-07-27 03:49 - 01248768 ___AC (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 06:31 - 2012-06-05 06:30 - 00141640 ___AC C:\Windows\Minidump\Mini060512-01.dmp
    2012-06-04 07:26 - 2012-07-27 03:47 - 00440704 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-03 10:37 - 2012-06-03 10:37 - 00141656 ___AC C:\Windows\Minidump\Mini060312-01.dmp
    2012-06-02 14:19 - 2012-07-27 03:07 - 01933848 ___AC (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-07-27 03:07 - 00577048 ___AC (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-07-27 03:07 - 00053784 ___AC (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-07-27 03:07 - 00045080 ___AC (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-07-27 03:07 - 00035864 ___AC (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-07-27 03:07 - 02422272 ___AC (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-07-27 03:07 - 00088576 ___AC (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 06:19 - 2012-07-27 03:07 - 00171904 ___AC (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 06:12 - 2012-07-27 03:07 - 00033792 ___AC (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 16:04 - 2012-07-27 03:47 - 00278528 ___AC (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 16:03 - 2012-07-27 03:47 - 00204288 ___AC (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-05-31 03:25 - 2009-10-03 05:18 - 00237072 ____C (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-26 03:36 - 2012-07-24 09:33 - 00178176 ___AC C:\Windows\System32\unrar.dll
    2012-05-09 09:34 - 2012-05-09 09:34 - 00000215 ___AC C:\Users\kid\Desktop\Nimbus Demo.url
    2012-05-09 09:28 - 2012-05-09 09:28 - 00000215 ___AC C:\Users\kid\Desktop\World of Goo Demo.url
    2012-05-09 09:21 - 2012-05-09 09:21 - 00000216 ___AC C:\Users\kid\Desktop\Rayman Origins Demo.url
    2012-05-09 09:19 - 2012-05-09 09:19 - 00000213 ___AC C:\Users\kid\Desktop\Team Fortress 2.url
    2012-05-09 09:15 - 2012-05-09 09:15 - 00000216 ___AC C:\Users\kid\Desktop\Realm of the Mad God.url
    2012-05-09 09:12 - 2012-05-09 09:12 - 00000214 ___AC C:\Users\kid\Desktop\Garry's Mod.url
    2012-05-09 07:51 - 2012-05-09 07:51 - 00000791 ___AC C:\Users\Public\Desktop\Steam.lnk
    2012-05-09 07:49 - 2012-05-09 07:49 - 01606656 ___AC C:\Users\kid\Desktop\SteamInstall.msi
    2012-05-09 07:36 - 2012-05-09 07:36 - 00174024 ___AC (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-05-09 07:36 - 2012-05-09 07:36 - 00174024 ___AC (Oracle Corporation) C:\Windows\System32\java.exe
    2012-05-09 07:19 - 2012-05-09 07:19 - 00001878 ___AC C:\Users\Public\Desktop\Skype.lnk
    2012-05-09 07:18 - 2012-05-09 07:18 - 00944264 ___AC (Skype Technologies S.A.) C:\Users\kid\Desktop\SkypeSetup.exe

    ZeroAccess:
    C:\Windows\Installer\{65e99947-af8d-6d36-4f49-167098a3bcf0}
    C:\Windows\Installer\{65e99947-af8d-6d36-4f49-167098a3bcf0}\@
    C:\Windows\Installer\{65e99947-af8d-6d36-4f49-167098a3bcf0}\L
    C:\Windows\Installer\{65e99947-af8d-6d36-4f49-167098a3bcf0}\U
    C:\Windows\Installer\{65e99947-af8d-6d36-4f49-167098a3bcf0}\U\00000001.@

    ZeroAccess:
    C:\Users\kid\AppData\Local\{65e99947-af8d-6d36-4f49-167098a3bcf0}
    C:\Users\kid\AppData\Local\{65e99947-af8d-6d36-4f49-167098a3bcf0}\@
    C:\Users\kid\AppData\Local\{65e99947-af8d-6d36-4f49-167098a3bcf0}\L
    C:\Users\kid\AppData\Local\{65e99947-af8d-6d36-4f49-167098a3bcf0}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 2008.18 MB
    Available physical RAM: 1704.3 MB
    Total Pagefile: 1943.8 MB
    Available Pagefile: 1784.55 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1974.31 MB

    ======================= Partitions =========================

    1 Drive c: (Vista) (Fixed) (Total:222.14 GB) (Free:176.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: () (Removable) (Total:0.12 GB) (Free:0.05 GB) FAT
    5 Drive x: (Recovery) (Fixed) (Total:9.28 GB) (Free:3.81 GB) NTFS
    6 Drive y: (System) (Fixed) (Total:1.46 GB) (Free:1.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 233 GB 0 B
    Disk 1 Online 125 MB 0 B
    Disk 2 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 9 GB 1024 KB
    Partition 2 Primary 1500 MB 9 GB
    Partition 3 Primary 222 GB 11 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 X Recovery NTFS Partition 9 GB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System NTFS Partition 1500 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Vista NTFS Partition 222 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 125 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes

    There is no volume associated with this partition.

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-30 02:39

    ======================= End Of Log ==========================

    [entire script exceeds 50000 character limit, hence splitting it into two posts]
     
  3. StevenM1988

    StevenM1988 TS Rookie Topic Starter

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-30 14:39:42
    Running from D:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2012-05-09 07:41] - [2009-04-10 22:27] - 0279552 ___AC (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 18:24] - [2008-01-20 18:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\System32\services.exe
    [2012-05-09 07:41] - [2012-07-30 03:35] - 0279552 ___AC (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

    C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-08-19 05:29] - [2009-04-10 22:27] - 0279552 ___AC (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    === End Of Search ===
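The FRST search above lists every copy of services.exe on the disk with its MD5, and the earlier "Bamital & volsnap Check" flagged the System32 copy because its hash is not a known-good one. The Python script below is an added example for this thread, not FRST's own code and not part of the poster's log: it parses a search block in the format FRST printed (the SAMPLE text is constructed from the four entries posted above) and flags any System32 copy whose MD5 matches none of the copies kept in the WinSxS component store. Treating component-store hashes as the reference is this example's own assumption; FRST compares against its own internal list of known hashes.

```python
"""Flag a System32 binary whose MD5 matches no copy in the WinSxS component store.

Added example for this thread (not FRST's code and not the poster's log).
It parses the 'Search:' block format FRST printed above; SAMPLE is constructed
from the four services.exe hits posted in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the four hits from the FRST search posted above.
SAMPLE = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2012-05-09 07:41] - [2009-04-10 22:27] - 0279552 ___AC (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:24] - [2008-01-20 18:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2012-05-09 07:41] - [2012-07-30 03:35] - 0279552 ___AC (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-08-19 05:29] - [2009-04-10 22:27] - 0279552 ___AC (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===
"""

# A hit is a path line followed by "[created] - [modified] - size attrs (company) MD5".
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FileHit:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str

    @property
    def in_system32(self) -> bool:
        return self.path.lower().startswith("c:\\windows\\system32\\")

    @property
    def in_component_store(self) -> bool:
        # Assumption of this example: WinSxS copies are the trusted reference.
        return "\\winsxs\\" in self.path.lower()


def parse_search(text: str) -> list[FileHit]:
    """Pair each path line with the detail line that follows it."""
    hits: list[FileHit] = []
    pending: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            d = m.groupdict()
            hits.append(FileHit(pending, d["created"], d["modified"], int(d["size"]),
                                d["attrs"], d["company"], d["md5"].upper()))
            pending = None
    return hits


def known_good_hashes(hits: list[FileHit]) -> set[str]:
    """MD5s of every copy held in the component store."""
    return {h.md5 for h in hits if h.in_component_store}


def find_suspects(hits: list[FileHit]) -> list[FileHit]:
    """System32 copies whose hash matches no component-store copy."""
    good = known_good_hashes(hits)
    return [h for h in hits if h.in_system32 and h.md5 not in good]


def same_size_references(suspect: FileHit, hits: list[FileHit]) -> list[FileHit]:
    """Component-store copies of identical size: a same-size, different-hash
    pair points at an in-place modification rather than a wholesale swap."""
    return [h for h in hits if h.in_component_store and h.size == suspect.size]


def restore_candidates(hits: list[FileHit]) -> list[FileHit]:
    """Component-store copies a helper could copy back over the suspect file."""
    return sorted((h for h in hits if h.in_component_store), key=lambda h: h.path)


if __name__ == "__main__":
    hits = parse_search(SAMPLE)
    for s in find_suspects(hits):
        print(f"SUSPECT {s.path} md5={s.md5} size={s.size} modified={s.modified}")
        for ref in same_size_references(s, hits):
            print(f"  same size as {ref.path} (md5={ref.md5})")
    for c in restore_candidates(hits):
        print(f"candidate for restore: {c.path}")
```

On the thread's data the only suspect is C:\Windows\System32\services.exe: it has the same size and creation stamp as the 6.0.6002.18005 component-store copy but a different MD5 and a modified time of 2012-07-30 03:35, which is what the log shows for an in-place patched file. Both WinSxS copies are listed as restore candidates; the Fixlog later in the thread shows the helper copying the 6.0.6001.18000 one back over it. The check has no clean reference if an infection has also replaced the component-store copies, so a hash from an independent source (as FRST's own list provides) is the stronger comparison.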
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    FRST Fixlist

    Please run the following:

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     
  5. StevenM1988

    StevenM1988 TS Rookie Topic Starter

    Ran the FRST.exe, ran the "Fix" option and rebooted. Microsoft Security Essentials seems to be running OK and there are no critical errors popping up yet.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-30 19:27:16 Run:1
    Running from D:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\Installer\{65e99947-af8d-6d36-4f49-167098a3bcf0} moved successfully.
    C:\Users\kid\AppData\Local\{65e99947-af8d-6d36-4f49-167098a3bcf0} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
     
  7. StevenM1988

    StevenM1988 TS Rookie Topic Starter

    ComboFix ran through all 50 stages, made notes on deleting several corrupted files/folders, then restarted the computer automatically. It's hanging on a black screen at the moment with a blinking cursor.
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Okay. Give it a little more time. If it doesn't respond, try the run for ComboFix again.
     
  9. StevenM1988

    StevenM1988 TS Rookie Topic Starter

    Since I transferred the ComboFix file to the other laptop via USB, I had left the flash drive in the laptop when ComboFix rebooted the computer - I believe that accounted for the blank screen/blinking cursor/inability to F8. The device was removed, the laptop rebooted and I have a copy of the log.

    ComboFix 12-07-30.01 - kid 30/07/2012 20:29:21.1.2 - x86
    Running from: c:\users\kid\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\kid\AppData\Roaming\Agamx
    c:\users\kid\AppData\Roaming\Agamx\toria.agk
    c:\users\kid\AppData\Roaming\lbrog.dll
    c:\windows\system32\ST~62E9.tmp
    c:\windows\system32\ST~6338.tmp
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-30 20:47 . 2012-07-30 20:47 -------- dc----w- C:\FRST
    2012-07-30 19:38 . 2012-07-30 20:04 -------- dc----w- c:\users\kid\AppData\Local\temp
    2012-07-30 19:38 . 2012-07-30 19:38 -------- dc----w- c:\users\Default\AppData\Local\temp
    2012-07-30 19:38 . 2012-07-30 19:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-07-30 11:05 . 2012-02-09 13:17 713784 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DEC67CD-05DD-4A99-95F9-2E112266CC31}\gapaengine.dll
    2012-07-30 11:04 . 2012-07-16 01:41 6891424 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A491719C-D485-4ECA-9974-55BB0947A7F4}\mpengine.dll
    2012-07-30 11:02 . 2012-07-30 11:03 -------- dc----w- c:\program files\Microsoft Security Client
    2012-07-30 10:45 . 2012-07-30 10:45 12872 -c--a-w- c:\windows\system32\bootdelete.exe
    2012-07-30 10:34 . 2012-07-30 10:45 -------- dc----w- c:\programdata\HitmanPro
    2012-07-28 20:50 . 2012-07-28 20:50 -------- dcsh--w- c:\windows\system32\%APPDATA%
    2012-07-28 20:47 . 2012-07-28 20:48 -------- dc----w- c:\programdata\036DFF98000155700000EF632F3B707C
    2012-07-28 20:45 . 2012-07-30 10:28 -------- dc----w- c:\users\kid\AppData\Roaming\Naiwa
    2012-07-28 20:45 . 2012-07-28 20:49 -------- dc----w- c:\users\kid\AppData\Roaming\Yfanon
    2012-07-27 22:48 . 2012-07-27 22:48 -------- dc----w- c:\programdata\Sophos
    2012-07-27 13:57 . 2011-03-12 21:55 876032 -c--a-w- c:\windows\system32\XpsPrint.dll
    2012-07-27 13:57 . 2012-03-01 14:46 219648 -c--a-w- c:\windows\system32\d3d10_1core.dll
    2012-07-27 13:57 . 2012-02-29 14:08 1172480 -c--a-w- c:\windows\system32\d3d10warp.dll
    2012-07-27 13:57 . 2012-02-29 13:44 683008 -c--a-w- c:\windows\system32\d2d1.dll
    2012-07-27 13:57 . 2012-02-29 13:41 1069056 -c--a-w- c:\windows\system32\DWrite.dll
    2012-07-27 13:57 . 2012-03-01 14:46 160768 -c--a-w- c:\windows\system32\d3d10_1.dll
    2012-07-27 13:25 . 2012-07-27 13:25 -------- dc----w- c:\program files\Windows Portable Devices
    2012-07-27 13:07 . 2012-06-13 13:40 2047488 -c--a-w- c:\windows\system32\win32k.sys
    2012-07-27 13:06 . 2009-09-10 02:00 92672 -c--a-w- c:\windows\system32\UIAnimation.dll
    2012-07-27 13:06 . 2009-09-10 02:00 1164800 -c--a-w- c:\windows\system32\UIRibbonRes.dll
    2012-07-27 13:06 . 2009-09-10 02:01 3023360 -c--a-w- c:\windows\system32\UIRibbon.dll
    2012-07-27 12:49 . 2012-02-29 15:11 5120 -c--a-w- c:\windows\system32\wmi.dll
    2012-07-27 12:49 . 2012-02-29 15:11 172032 -c--a-w- c:\windows\system32\wintrust.dll
    2012-07-27 12:49 . 2012-02-29 15:09 157696 -c--a-w- c:\windows\system32\imagehlp.dll
    2012-07-27 12:49 . 2012-02-29 13:32 12800 -c--a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-07-27 12:34 . 2012-07-27 12:34 98816 ----a-w- c:\windows\system32\mfps.dll
    2012-07-27 12:32 . 2012-07-27 12:32 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2012-07-27 12:32 . 2012-07-27 12:32 519680 ----a-w- c:\windows\system32\d3d11.dll
    2012-07-27 12:32 . 2012-07-27 12:32 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2012-07-27 12:32 . 2012-07-27 12:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2012-07-27 12:32 . 2012-07-27 12:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2012-07-27 12:32 . 2012-07-27 12:32 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2012-07-27 12:32 . 2012-07-27 12:32 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2012-07-27 12:15 . 2010-10-19 04:27 7680 -c--a-w- c:\program files\Internet Explorer\iecompat.dll
    2012-07-27 12:14 . 2009-01-08 01:20 265720 -c--a-w- c:\program files\Internet Explorer\msdbg2.dll
    2012-07-27 12:14 . 2009-01-08 01:20 355832 -c--a-w- c:\program files\Internet Explorer\pdm.dll
    2012-07-27 11:54 . 2012-04-23 16:00 984064 -c--a-w- c:\windows\system32\crypt32.dll
    2012-07-27 11:54 . 2012-04-23 16:00 98304 -c--a-w- c:\windows\system32\cryptnet.dll
    2012-07-27 11:54 . 2012-04-23 16:00 133120 -c--a-w- c:\windows\system32\cryptsvc.dll
    2012-07-27 11:54 . 2011-10-14 16:03 189952 -c--a-w- c:\windows\system32\winmm.dll
    2012-07-27 11:54 . 2011-10-14 16:00 23552 -c--a-w- c:\windows\system32\mciseq.dll
    2012-07-27 11:53 . 2011-11-18 20:23 1205064 -c--a-w- c:\windows\system32\ntdll.dll
    2012-07-27 11:52 . 2011-08-03 02:50 96768 -c--a-w- c:\windows\system32\psisrndr.ax
    2012-07-27 11:52 . 2011-08-03 02:50 443392 -c--a-w- c:\windows\system32\psisdecd.dll
    2012-07-27 11:52 . 2011-08-03 02:49 151552 -c--a-w- c:\windows\system32\MSNP.ax
    2012-07-27 11:52 . 2011-10-14 16:02 429056 -c--a-w- c:\windows\system32\EncDec.dll
    2012-07-27 11:52 . 2011-08-03 02:49 57856 -c--a-w- c:\windows\system32\MSDvbNP.ax
    2012-07-27 11:52 . 2011-08-03 02:49 69632 -c--a-w- c:\windows\system32\Mpeg2Data.ax
    2012-07-27 11:52 . 2012-03-20 23:28 53120 -c--a-w- c:\windows\system32\drivers\partmgr.sys
    2012-07-27 11:52 . 2012-03-30 12:39 905600 -c--a-w- c:\windows\system32\drivers\tcpip.sys
    2012-07-27 11:51 . 2012-02-01 15:11 1218048 -c--a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-07-27 11:51 . 2012-02-01 15:10 964608 -c--a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-07-27 11:51 . 2012-02-01 15:10 1404928 -c--a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
    2012-07-27 11:51 . 2012-02-01 15:10 983040 -c--a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-07-27 11:51 . 2012-02-01 15:10 936960 -c--a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-07-27 11:51 . 2012-02-01 13:58 47104 -c--a-w- c:\program files\Windows Journal\PDIALOG.exe
    2012-07-27 11:51 . 2011-02-22 13:33 797696 -c--a-w- c:\windows\system32\FntCache.dll
    2012-07-27 11:51 . 2011-02-22 14:13 288768 -c--a-w- c:\windows\system32\XpsGdiConverter.dll
    2012-07-27 11:51 . 2011-11-18 17:47 66560 -c--a-w- c:\windows\system32\packager.dll
    2012-07-27 11:51 . 2011-11-25 15:59 376320 -c--a-w- c:\windows\system32\winsrv.dll
    2012-07-27 11:51 . 2011-12-14 16:17 680448 -c--a-w- c:\windows\system32\msvcrt.dll
    2012-07-27 11:50 . 2012-06-05 16:47 708608 -c--a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-27 11:50 . 2011-10-25 15:56 49152 -c--a-w- c:\windows\system32\csrsrv.dll
    2012-07-27 11:50 . 2011-10-25 15:58 1314816 -c--a-w- c:\windows\system32\quartz.dll
    2012-07-27 11:50 . 2011-10-25 15:58 497152 -c--a-w- c:\windows\system32\qdvd.dll
    2012-07-27 11:50 . 2011-11-16 16:23 377344 -c--a-w- c:\windows\system32\winhttp.dll
    2012-07-27 11:50 . 2011-11-08 14:42 2048 -c--a-w- c:\windows\system32\tzres.dll
    2012-07-27 11:49 . 2012-06-05 16:47 1401856 -c--a-w- c:\windows\system32\msxml6.dll
    2012-07-27 11:49 . 2012-06-05 16:47 1248768 -c--a-w- c:\windows\system32\msxml3.dll
    2012-07-27 11:49 . 2011-08-25 16:15 555520 -c--a-w- c:\windows\system32\UIAutomationCore.dll
    2012-07-27 11:49 . 2011-08-25 13:31 4096 -c--a-w- c:\windows\system32\oleaccrc.dll
    2012-07-27 11:49 . 2011-08-25 16:14 563712 -c--a-w- c:\windows\system32\oleaut32.dll
    2012-07-27 11:49 . 2011-08-25 16:14 238080 -c--a-w- c:\windows\system32\oleacc.dll
    2012-07-27 11:49 . 2012-03-01 11:01 2409784 -c--a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-07-27 11:49 . 2012-05-01 14:03 180736 -c--a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-27 11:49 . 2012-04-03 08:16 3550080 -c--a-w- c:\windows\system32\ntoskrnl.exe
    2012-07-27 11:49 . 2012-04-03 08:16 3602816 -c--a-w- c:\windows\system32\ntkrnlpa.exe
    2012-07-27 11:49 . 2011-09-30 15:57 707584 -c--a-w- c:\program files\Common Files\System\wab32.dll
    2012-07-27 11:47 . 2012-06-04 15:26 440704 -c--a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-27 11:47 . 2012-06-02 00:04 278528 -c--a-w- c:\windows\system32\schannel.dll
    2012-07-27 11:47 . 2012-06-02 00:03 204288 -c--a-w- c:\windows\system32\ncrypt.dll
    2012-07-27 11:47 . 2011-11-16 16:21 1259008 -c--a-w- c:\windows\system32\lsasrv.dll
    2012-07-27 11:47 . 2011-11-16 16:23 72704 -c--a-w- c:\windows\system32\secur32.dll
    2012-07-27 11:47 . 2011-11-16 14:12 9728 -c--a-w- c:\windows\system32\lsass.exe
    2012-07-27 11:47 . 2010-05-04 19:13 231424 -c--a-w- c:\windows\system32\msshsq.dll
    2012-07-27 11:28 . 2012-07-16 01:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6490718-8A83-4BB9-A6DF-E3897E8F5DCC}\mpengine.dll
    2012-07-27 11:26 . 2012-01-09 15:54 613376 -c--a-w- c:\windows\system32\rdpencom.dll
    2012-07-27 11:07 . 2012-06-02 22:19 53784 -c--a-w- c:\windows\system32\wuauclt.exe
    2012-07-27 11:07 . 2012-06-02 22:19 45080 -c--a-w- c:\windows\system32\wups2.dll
    2012-07-27 11:07 . 2012-06-02 22:12 2422272 -c--a-w- c:\windows\system32\wucltux.dll
    2012-07-27 11:07 . 2012-06-02 22:19 1933848 -c--a-w- c:\windows\system32\wuaueng.dll
    2012-07-27 11:07 . 2012-06-02 22:19 35864 -c--a-w- c:\windows\system32\wups.dll
    2012-07-27 11:07 . 2012-06-02 22:19 577048 -c--a-w- c:\windows\system32\wuapi.dll
    2012-07-27 11:07 . 2012-06-02 22:12 88576 -c--a-w- c:\windows\system32\wudriver.dll
    2012-07-27 11:07 . 2012-06-02 14:19 171904 -c--a-w- c:\windows\system32\wuwebv.dll
    2012-07-27 11:07 . 2012-06-02 14:12 33792 -c--a-w- c:\windows\system32\wuapp.exe
    2012-07-26 16:29 . 2012-07-26 16:30 -------- dc----w- c:\windows\system32\ca-ES
    2012-07-26 16:29 . 2012-07-26 16:30 -------- dc----w- c:\windows\system32\eu-ES
    2012-07-26 16:29 . 2012-07-26 16:30 -------- dc----w- c:\windows\system32\vi-VN
    2012-07-26 15:53 . 2012-07-28 14:11 -------- dc----w- c:\programdata\AVAST Software
    2012-07-26 15:53 . 2012-07-26 15:53 -------- dc----w- c:\program files\AVAST Software
    2012-07-26 15:52 . 2012-07-26 15:52 -------- dc----w- c:\windows\system32\EventProviders
    2012-07-26 14:35 . 2012-07-26 14:35 -------- dc----w- c:\windows\system32\sda
    2012-07-26 14:35 . 2000-01-01 00:00 193640 -c--a-w- c:\windows\system32\drivers\RtsUStor.sys
    2012-07-26 14:35 . 2000-01-01 00:00 9112168 -c--a-w- c:\windows\system32\RtsUStoricon.dll
    2012-07-26 14:35 . 2000-01-01 00:00 313960 -c--a-w- c:\windows\system32\RtsUStor.dll
    2012-07-26 14:32 . 2009-02-11 16:11 329752 -c--a-w- c:\windows\system32\drivers\iaStor.sys
    2012-07-26 14:31 . 2012-07-26 14:31 -------- dc----w- c:\users\kid\AppData\Roaming\InstallShield
    2012-07-26 13:49 . 2012-07-26 13:50 -------- dc----w- c:\program files\Cisco
    2012-07-26 13:47 . 2000-01-01 00:00 614400 -c--a-w- c:\windows\Rtlihvs.dll
    2012-07-26 13:47 . 2000-01-01 00:00 380928 -c--a-w- c:\windows\RtlUI2.exe
    2012-07-26 13:47 . 2000-01-01 00:00 188416 -c--a-w- c:\windows\RTLExtUI.dll
    2012-07-26 13:46 . 2000-01-01 00:00 614400 -c--a-w- c:\windows\system32\Rtlihvs.dll
    2012-07-26 13:46 . 2000-01-01 00:00 380928 -c--a-w- c:\windows\system32\RtlUI2.exe
    2012-07-26 13:46 . 2000-01-01 00:00 188416 -c--a-w- c:\windows\system32\RTLExtUI.dll
    2012-07-26 13:46 . 2012-07-26 13:48 -------- dc----w- c:\program files\REALTEK RTL8187SE Wireless LAN Driver
    2012-07-26 13:46 . 2009-02-05 01:49 451072 -c--a-w- c:\windows\system32\ISSRemoveSP.exe
    2012-07-26 13:38 . 2000-01-01 00:00 80488 -c--a-w- c:\windows\system32\RtNicProp32.dll
    2012-07-26 13:38 . 2000-01-01 00:00 363112 -c--a-w- c:\windows\system32\drivers\Rtlh86.sys
    2012-07-26 13:38 . 2000-01-01 00:00 100896 -c--a-w- c:\windows\system32\RTNUninst32.dll
    2012-07-26 13:26 . 2000-01-01 00:00 86528 -c--a-w- c:\windows\system32\igfxrfra.lrc
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-30 20:07 . 2012-07-30 20:07 29904 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A491719C-D485-4ECA-9974-55BB0947A7F4}\MpKsl17c04d3f.sys
    2012-07-27 18:38 . 2012-05-13 12:51 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-27 18:38 . 2012-03-25 12:34 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-27 12:32 . 2012-07-27 12:32 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
    2012-07-03 12:46 . 2010-05-12 22:55 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-31 11:25 . 2009-10-03 13:18 237072 -c----w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 12:51 3911776 -c--a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WTClient"="WTClient.exe" [2007-04-11 40960]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 171288]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 172824]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 6281760]
    "Skytel"="Skytel.exe" [2008-09-09 1833504]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launch.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launch.lnk
    backup=c:\windows\pss\Launch.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^kid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\kid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-11 21:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
    2008-08-06 10:30 20480 -c--a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-09-09 18:32 6281760 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-05-03 07:36 17355912 -c--a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpareMessaging]
    2007-11-28 16:43 42824 ----a-w- c:\program files\Spare Messaging\MessagingApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2012-05-09 15:51 1242448 -c--a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-17 10:07 252296 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk]
    2007-10-12 09:33 202016 -c--a-w- c:\program files\TalkTalk\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirage]
    2010-01-25 17:11 136488 ------w- c:\program files\CyberLink\YouCam\YCMMirage.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray]
    2010-01-25 17:11 224352 ------w- c:\program files\CyberLink\YouCam\YouCam.exe
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL17C04D3F
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 18:38]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 14:50]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 14:50]
    .
    2012-07-30 c:\windows\Tasks\SlimDrivers Startup.job
    - c:\program files\SlimDrivers\SlimDrivers.exe [2012-07-18 14:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{f4e6547e-325b-403c-a3bb-ad29ed37a92f} - (no file)
    BHO-{f4e6547e-325b-403c-a3bb-ad29ed37a92f} - (no file)
    Toolbar-{f4e6547e-325b-403c-a3bb-ad29ed37a92f} - (no file)
    HKCU-Run-lbrog - c:\users\kid\AppData\Roaming\lbrog.dll
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
    Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    MSConfigStartUp-Facebook Update - c:\users\kid\AppData\Local\Facebook\Update\FacebookUpdate.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-30 21:07
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\OEM\OSD_2.4\OsdService.exe
    c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    c:\program files\TalkTalk\bin\sprtsvc.exe
    c:\program files\Common Files\Supportsoft\bin\tgsrvc.exe
    c:\windows\System32\Drivers\WTSRV.EXE
    c:\windows\system32\WTClient.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Spybot - Search & Destroy\SDWinSec.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-30 21:16:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-30 20:16
    .
    Pre-Run: 189,323,026,432 bytes free
    Post-Run: 189,849,690,112 bytes free
    .
    - - End Of File - - 0A08C28D22D10B124B0D091EEE82158D
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Excellent work!

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  11. StevenM1988

    StevenM1988 TS Rookie Topic Starter

    ComboFix 12-07-30.01 - kid 31/07/2012 11:33:58.2.2 - x86
    Running from: c:\users\kid\Desktop\ComboFix.exe
    Command switches used :: c:\users\kid\Desktop\CFScript.txt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!System32!userinit.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-31 10:42 . 2012-07-31 10:49 -------- dc----w- c:\users\kid\AppData\Local\temp
    2012-07-31 10:42 . 2012-07-31 10:42 -------- dc----w- c:\users\Default\AppData\Local\temp
    2012-07-31 10:42 . 2012-07-31 10:42 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-07-30 20:47 . 2012-07-30 20:47 -------- dc----w- C:\FRST
    2012-07-30 11:05 . 2012-02-09 13:17 713784 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DEC67CD-05DD-4A99-95F9-2E112266CC31}\gapaengine.dll
    2012-07-30 11:04 . 2012-07-16 01:41 6891424 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A491719C-D485-4ECA-9974-55BB0947A7F4}\mpengine.dll
    2012-07-30 11:02 . 2012-07-30 11:03 -------- dc----w- c:\program files\Microsoft Security Client
    2012-07-30 10:45 . 2012-07-30 10:45 12872 -c--a-w- c:\windows\system32\bootdelete.exe
    2012-07-30 10:34 . 2012-07-30 10:45 -------- dc----w- c:\programdata\HitmanPro
    2012-07-28 20:50 . 2012-07-28 20:50 -------- dcsh--w- c:\windows\system32\%APPDATA%
    2012-07-28 20:47 . 2012-07-28 20:48 -------- dc----w- c:\programdata\036DFF98000155700000EF632F3B707C
    2012-07-28 20:45 . 2012-07-30 10:28 -------- dc----w- c:\users\kid\AppData\Roaming\Naiwa
    2012-07-28 20:45 . 2012-07-28 20:49 -------- dc----w- c:\users\kid\AppData\Roaming\Yfanon
    2012-07-27 22:48 . 2012-07-27 22:48 -------- dc----w- c:\programdata\Sophos
    2012-07-27 13:57 . 2011-03-12 21:55 876032 -c--a-w- c:\windows\system32\XpsPrint.dll
    2012-07-27 13:57 . 2012-03-01 14:46 219648 -c--a-w- c:\windows\system32\d3d10_1core.dll
    2012-07-27 13:57 . 2012-02-29 14:08 1172480 -c--a-w- c:\windows\system32\d3d10warp.dll
    2012-07-27 13:57 . 2012-02-29 13:44 683008 -c--a-w- c:\windows\system32\d2d1.dll
    2012-07-27 13:57 . 2012-02-29 13:41 1069056 -c--a-w- c:\windows\system32\DWrite.dll
    2012-07-27 13:57 . 2012-03-01 14:46 160768 -c--a-w- c:\windows\system32\d3d10_1.dll
    2012-07-27 13:25 . 2012-07-27 13:25 -------- dc----w- c:\program files\Windows Portable Devices
    2012-07-27 13:07 . 2012-06-13 13:40 2047488 -c--a-w- c:\windows\system32\win32k.sys
    2012-07-27 13:06 . 2009-09-10 02:00 92672 -c--a-w- c:\windows\system32\UIAnimation.dll
    2012-07-27 13:06 . 2009-09-10 02:00 1164800 -c--a-w- c:\windows\system32\UIRibbonRes.dll
    2012-07-27 13:06 . 2009-09-10 02:01 3023360 -c--a-w- c:\windows\system32\UIRibbon.dll
    2012-07-27 12:49 . 2012-02-29 15:11 5120 -c--a-w- c:\windows\system32\wmi.dll
    2012-07-27 12:49 . 2012-02-29 15:11 172032 -c--a-w- c:\windows\system32\wintrust.dll
    2012-07-27 12:49 . 2012-02-29 15:09 157696 -c--a-w- c:\windows\system32\imagehlp.dll
    2012-07-27 12:49 . 2012-02-29 13:32 12800 -c--a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-07-27 12:34 . 2012-07-27 12:34 98816 ----a-w- c:\windows\system32\mfps.dll
    2012-07-27 12:32 . 2012-07-27 12:32 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2012-07-27 12:32 . 2012-07-27 12:32 519680 ----a-w- c:\windows\system32\d3d11.dll
    2012-07-27 12:32 . 2012-07-27 12:32 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2012-07-27 12:32 . 2012-07-27 12:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2012-07-27 12:32 . 2012-07-27 12:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2012-07-27 12:32 . 2012-07-27 12:32 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2012-07-27 12:32 . 2012-07-27 12:32 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2012-07-27 12:15 . 2010-10-19 04:27 7680 -c--a-w- c:\program files\Internet Explorer\iecompat.dll
    2012-07-27 12:14 . 2009-01-08 01:20 265720 -c--a-w- c:\program files\Internet Explorer\msdbg2.dll
    2012-07-27 12:14 . 2009-01-08 01:20 355832 -c--a-w- c:\program files\Internet Explorer\pdm.dll
    2012-07-27 11:54 . 2012-04-23 16:00 984064 -c--a-w- c:\windows\system32\crypt32.dll
    2012-07-27 11:54 . 2012-04-23 16:00 98304 -c--a-w- c:\windows\system32\cryptnet.dll
    2012-07-27 11:54 . 2012-04-23 16:00 133120 -c--a-w- c:\windows\system32\cryptsvc.dll
    2012-07-27 11:54 . 2011-10-14 16:03 189952 -c--a-w- c:\windows\system32\winmm.dll
    2012-07-27 11:54 . 2011-10-14 16:00 23552 -c--a-w- c:\windows\system32\mciseq.dll
    2012-07-27 11:53 . 2011-11-18 20:23 1205064 -c--a-w- c:\windows\system32\ntdll.dll
    2012-07-27 11:52 . 2011-08-03 02:50 96768 -c--a-w- c:\windows\system32\psisrndr.ax
    2012-07-27 11:52 . 2011-08-03 02:50 443392 -c--a-w- c:\windows\system32\psisdecd.dll
    2012-07-27 11:52 . 2011-08-03 02:49 151552 -c--a-w- c:\windows\system32\MSNP.ax
    2012-07-27 11:52 . 2011-10-14 16:02 429056 -c--a-w- c:\windows\system32\EncDec.dll
    2012-07-27 11:52 . 2011-08-03 02:49 57856 -c--a-w- c:\windows\system32\MSDvbNP.ax
    2012-07-27 11:52 . 2011-08-03 02:49 69632 -c--a-w- c:\windows\system32\Mpeg2Data.ax
    2012-07-27 11:52 . 2012-03-20 23:28 53120 -c--a-w- c:\windows\system32\drivers\partmgr.sys
    2012-07-27 11:52 . 2012-03-30 12:39 905600 -c--a-w- c:\windows\system32\drivers\tcpip.sys
    2012-07-27 11:51 . 2012-02-01 15:11 1218048 -c--a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-07-27 11:51 . 2012-02-01 15:10 964608 -c--a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-07-27 11:51 . 2012-02-01 15:10 1404928 -c--a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
    2012-07-27 11:51 . 2012-02-01 15:10 983040 -c--a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-07-27 11:51 . 2012-02-01 15:10 936960 -c--a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-07-27 11:51 . 2012-02-01 13:58 47104 -c--a-w- c:\program files\Windows Journal\PDIALOG.exe
    2012-07-27 11:51 . 2011-02-22 13:33 797696 -c--a-w- c:\windows\system32\FntCache.dll
    2012-07-27 11:51 . 2011-02-22 14:13 288768 -c--a-w- c:\windows\system32\XpsGdiConverter.dll
    2012-07-27 11:51 . 2011-11-18 17:47 66560 -c--a-w- c:\windows\system32\packager.dll
    2012-07-27 11:51 . 2011-11-25 15:59 376320 -c--a-w- c:\windows\system32\winsrv.dll
    2012-07-27 11:51 . 2011-12-14 16:17 680448 -c--a-w- c:\windows\system32\msvcrt.dll
    2012-07-27 11:50 . 2012-06-05 16:47 708608 -c--a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-27 11:50 . 2011-10-25 15:56 49152 -c--a-w- c:\windows\system32\csrsrv.dll
    2012-07-27 11:50 . 2011-10-25 15:58 1314816 -c--a-w- c:\windows\system32\quartz.dll
    2012-07-27 11:50 . 2011-10-25 15:58 497152 -c--a-w- c:\windows\system32\qdvd.dll
    2012-07-27 11:50 . 2011-11-16 16:23 377344 -c--a-w- c:\windows\system32\winhttp.dll
    2012-07-27 11:50 . 2011-11-08 14:42 2048 -c--a-w- c:\windows\system32\tzres.dll
    2012-07-27 11:49 . 2012-06-05 16:47 1401856 -c--a-w- c:\windows\system32\msxml6.dll
    2012-07-27 11:49 . 2012-06-05 16:47 1248768 -c--a-w- c:\windows\system32\msxml3.dll
    2012-07-27 11:49 . 2011-08-25 16:15 555520 -c--a-w- c:\windows\system32\UIAutomationCore.dll
    2012-07-27 11:49 . 2011-08-25 13:31 4096 -c--a-w- c:\windows\system32\oleaccrc.dll
    2012-07-27 11:49 . 2011-08-25 16:14 563712 -c--a-w- c:\windows\system32\oleaut32.dll
    2012-07-27 11:49 . 2011-08-25 16:14 238080 -c--a-w- c:\windows\system32\oleacc.dll
    2012-07-27 11:49 . 2012-03-01 11:01 2409784 -c--a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-07-27 11:49 . 2012-05-01 14:03 180736 -c--a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-27 11:49 . 2012-04-03 08:16 3550080 -c--a-w- c:\windows\system32\ntoskrnl.exe
    2012-07-27 11:49 . 2012-04-03 08:16 3602816 -c--a-w- c:\windows\system32\ntkrnlpa.exe
    2012-07-27 11:49 . 2011-09-30 15:57 707584 -c--a-w- c:\program files\Common Files\System\wab32.dll
    2012-07-27 11:47 . 2012-06-04 15:26 440704 -c--a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-27 11:47 . 2012-06-02 00:04 278528 -c--a-w- c:\windows\system32\schannel.dll
    2012-07-27 11:47 . 2012-06-02 00:03 204288 -c--a-w- c:\windows\system32\ncrypt.dll
    2012-07-27 11:47 . 2011-11-16 16:21 1259008 -c--a-w- c:\windows\system32\lsasrv.dll
    2012-07-27 11:47 . 2011-11-16 16:23 72704 -c--a-w- c:\windows\system32\secur32.dll
    2012-07-27 11:47 . 2011-11-16 14:12 9728 -c--a-w- c:\windows\system32\lsass.exe
    2012-07-27 11:47 . 2010-05-04 19:13 231424 -c--a-w- c:\windows\system32\msshsq.dll
    2012-07-27 11:28 . 2012-07-16 01:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6490718-8A83-4BB9-A6DF-E3897E8F5DCC}\mpengine.dll
    2012-07-27 11:26 . 2012-01-09 15:54 613376 -c--a-w- c:\windows\system32\rdpencom.dll
    2012-07-27 11:07 . 2012-06-02 22:19 53784 -c--a-w- c:\windows\system32\wuauclt.exe
    2012-07-27 11:07 . 2012-06-02 22:19 45080 -c--a-w- c:\windows\system32\wups2.dll
    2012-07-27 11:07 . 2012-06-02 22:12 2422272 -c--a-w- c:\windows\system32\wucltux.dll
    2012-07-27 11:07 . 2012-06-02 22:19 1933848 -c--a-w- c:\windows\system32\wuaueng.dll
    2012-07-27 11:07 . 2012-06-02 22:19 35864 -c--a-w- c:\windows\system32\wups.dll
    2012-07-27 11:07 . 2012-06-02 22:19 577048 -c--a-w- c:\windows\system32\wuapi.dll
    2012-07-27 11:07 . 2012-06-02 22:12 88576 -c--a-w- c:\windows\system32\wudriver.dll
    2012-07-27 11:07 . 2012-06-02 14:19 171904 -c--a-w- c:\windows\system32\wuwebv.dll
    2012-07-27 11:07 . 2012-06-02 14:12 33792 -c--a-w- c:\windows\system32\wuapp.exe
    2012-07-26 16:29 . 2012-07-26 16:30 -------- dc----w- c:\windows\system32\ca-ES
    2012-07-26 16:29 . 2012-07-26 16:30 -------- dc----w- c:\windows\system32\eu-ES
    2012-07-26 16:29 . 2012-07-26 16:30 -------- dc----w- c:\windows\system32\vi-VN
    2012-07-26 15:53 . 2012-07-28 14:11 -------- dc----w- c:\programdata\AVAST Software
    2012-07-26 15:53 . 2012-07-26 15:53 -------- dc----w- c:\program files\AVAST Software
    2012-07-26 15:52 . 2012-07-26 15:52 -------- dc----w- c:\windows\system32\EventProviders
    2012-07-26 14:35 . 2012-07-26 14:35 -------- dc----w- c:\windows\system32\sda
    2012-07-26 14:35 . 2000-01-01 00:00 193640 -c--a-w- c:\windows\system32\drivers\RtsUStor.sys
    2012-07-26 14:35 . 2000-01-01 00:00 9112168 -c--a-w- c:\windows\system32\RtsUStoricon.dll
    2012-07-26 14:35 . 2000-01-01 00:00 313960 -c--a-w- c:\windows\system32\RtsUStor.dll
    2012-07-26 14:32 . 2009-02-11 16:11 329752 -c--a-w- c:\windows\system32\drivers\iaStor.sys
    2012-07-26 14:31 . 2012-07-26 14:31 -------- dc----w- c:\users\kid\AppData\Roaming\InstallShield
    2012-07-26 13:49 . 2012-07-26 13:50 -------- dc----w- c:\program files\Cisco
    2012-07-26 13:47 . 2000-01-01 00:00 614400 -c--a-w- c:\windows\Rtlihvs.dll
    2012-07-26 13:47 . 2000-01-01 00:00 380928 -c--a-w- c:\windows\RtlUI2.exe
    2012-07-26 13:47 . 2000-01-01 00:00 188416 -c--a-w- c:\windows\RTLExtUI.dll
    2012-07-26 13:46 . 2000-01-01 00:00 614400 -c--a-w- c:\windows\system32\Rtlihvs.dll
    2012-07-26 13:46 . 2000-01-01 00:00 380928 -c--a-w- c:\windows\system32\RtlUI2.exe
    2012-07-26 13:46 . 2000-01-01 00:00 188416 -c--a-w- c:\windows\system32\RTLExtUI.dll
    2012-07-26 13:46 . 2012-07-26 13:48 -------- dc----w- c:\program files\REALTEK RTL8187SE Wireless LAN Driver
    2012-07-26 13:46 . 2009-02-05 01:49 451072 -c--a-w- c:\windows\system32\ISSRemoveSP.exe
    2012-07-26 13:38 . 2000-01-01 00:00 80488 -c--a-w- c:\windows\system32\RtNicProp32.dll
    2012-07-26 13:38 . 2000-01-01 00:00 363112 -c--a-w- c:\windows\system32\drivers\Rtlh86.sys
    2012-07-26 13:38 . 2000-01-01 00:00 100896 -c--a-w- c:\windows\system32\RTNUninst32.dll
    2012-07-26 13:26 . 2000-01-01 00:00 86528 -c--a-w- c:\windows\system32\igfxrfra.lrc
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 18:38 . 2012-05-13 12:51 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-27 18:38 . 2012-03-25 12:34 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-27 12:32 . 2012-07-27 12:32 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
    2012-07-03 12:46 . 2010-05-12 22:55 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-31 11:25 . 2009-10-03 13:18 237072 -c----w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 12:51 3911776 -c--a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WTClient"="WTClient.exe" [2007-04-11 40960]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 171288]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 172824]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 6281760]
    "Skytel"="Skytel.exe" [2008-09-09 1833504]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launch.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launch.lnk
    backup=c:\windows\pss\Launch.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^kid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\kid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-11 21:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
    2008-08-06 10:30 20480 -c--a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-09-09 18:32 6281760 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-05-03 07:36 17355912 -c--a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpareMessaging]
    2007-11-28 16:43 42824 ----a-w- c:\program files\Spare Messaging\MessagingApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2012-05-09 15:51 1242448 -c--a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-17 10:07 252296 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk]
    2007-10-12 09:33 202016 -c--a-w- c:\program files\TalkTalk\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirage]
    2010-01-25 17:11 136488 ------w- c:\program files\CyberLink\YouCam\YCMMirage.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray]
    2010-01-25 17:11 224352 ------w- c:\program files\CyberLink\YouCam\YouCam.exe
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 18:38]
    .
    2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 14:50]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 14:50]
    .
    2012-07-31 c:\windows\Tasks\SlimDrivers Startup.job
    - c:\program files\SlimDrivers\SlimDrivers.exe [2012-07-18 14:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-31 11:49
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\OEM\OSD_2.4\OsdService.exe
    c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    c:\program files\TalkTalk\bin\sprtsvc.exe
    c:\program files\Common Files\Supportsoft\bin\tgsrvc.exe
    c:\windows\System32\Drivers\WTSRV.EXE
    c:\windows\system32\WTClient.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Spybot - Search & Destroy\SDWinSec.exe
    c:\windows\system32\igfxsrvc.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-07-31 11:57:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-31 10:57
    ComboFix2.txt 2012-07-30 20:16
    .
    Pre-Run: 189,751,349,248 bytes free
    Post-Run: 189,686,456,320 bytes free
    .
    - - End Of File - - 8B188F8B4412E5B809F6D2A433B8843D
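    As an added example that is not part of this thread and not ComboFix's own code: a small parser for the "Files Created" section of a log like the one above, with a few triage heuristics of my own (they are not ComboFix's rules) applied to lines copied from the posted log. The attribute letters are read as the log prints them (a leading "d" for a directory, "s" and "h" present when the system and hidden bits are set); the rules only order what to read first and are not a verdict on any file.

```python
"""Parse the 'Files Created' section of a ComboFix log and rank entries for review.

Added example: not ComboFix code and not from the thread. The heuristics in
triage() are the author's own starting points for reading such a log; the
sample lines are copied from the log posted above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# created . modified size attrs path   (size is '--------' for directories)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$"
)
HEX32 = re.compile(r"^[0-9A-F]{32}$", re.IGNORECASE)

# Lines taken from the posted log; the section header and dots are skipped by the parser.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
2012-07-30 10:45 . 2012-07-30 10:45 12872 -c--a-w- c:\windows\system32\bootdelete.exe
2012-07-28 20:50 . 2012-07-28 20:50 -------- dcsh--w- c:\windows\system32\%APPDATA%
2012-07-28 20:47 . 2012-07-28 20:48 -------- dc----w- c:\programdata\036DFF98000155700000EF632F3B707C
2012-07-28 20:45 . 2012-07-30 10:28 -------- dc----w- c:\users\kid\AppData\Roaming\Naiwa
2012-07-27 11:49 . 2012-04-03 08:16 3550080 -c--a-w- c:\windows\system32\ntoskrnl.exe
2012-07-27 11:28 . 2012-07-16 01:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6490718-8A83-4BB9-A6DF-E3897E8F5DCC}\mpengine.dll
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str            # as printed: leading 'd' = directory, 's'/'h' = system/hidden bits
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_files_created(text: str) -> List[Entry]:
    """Return one Entry per file line; headers, dots and blank lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map path -> reasons for every entry worth a closer look. These rules only
    order the reading of the log; they are not a verdict on any file."""
    hits: Dict[str, List[str]] = {}

    def flag(e: Entry, reason: str) -> None:
        hits.setdefault(e.path, []).append(reason)

    for e in entries:
        low = e.path.lower()
        under_windows = low.startswith("c:\\windows\\")
        if "%" in e.name:
            flag(e, "environment-variable name used literally as a file name")
        if e.is_dir and "s" in e.attrs and "h" in e.attrs and under_windows:
            flag(e, "new system+hidden directory under the Windows directory")
        if e.is_dir and HEX32.match(e.name) and "\\programdata\\" in low:
            flag(e, "new directory in ProgramData named with 32 hex characters")
        if e.is_dir and "\\appdata\\roaming\\" in low and e.path.count("\\") == 5:
            flag(e, "new top-level directory in a user's Roaming profile")
    return hits


if __name__ == "__main__":
    for path, reasons in triage(parse_files_created(SAMPLE_LOG)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

    Feed the whole ComboFix.txt to parse_files_created() and the output is the short list to check first; the bulk of a log like the one above is Windows Update activity (the 2012-07-27 entries) that the rules deliberately leave alone.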
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below


    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
     
  13. StevenM1988

    StevenM1988 TS Rookie Topic Starter

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-31 12:13:49
    -----------------------------
    12:13:49.638 OS Version: Windows 6.0.6002 Service Pack 2
    12:13:49.638 Number of processors: 2 586 0xF0D
    12:13:49.638 ComputerName: KIDS UserName: kid
    12:14:41.726 Initialize success
    12:15:58.515 AVAST engine defs: 12073101
    12:16:12.555 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    12:16:12.555 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
    12:16:12.586 Disk 0 MBR read successfully
    12:16:12.586 Disk 0 MBR scan
    12:16:12.602 Disk 0 Windows VISTA default MBR code
    12:16:12.633 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9500 MB offset 2048
    12:16:12.649 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 19458048
    12:16:12.664 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 227473 MB offset 22530048
    12:16:12.664 Disk 0 scanning sectors +488394752
    12:16:12.773 Disk 0 scanning C:\Windows\system32\drivers
    12:16:26.002 Service scanning
    12:16:41.446 Service PTSimHid C:\Windows\"%SystemRoot%\System32\Drivers\PTSimHid.sys" **LOCKED** 123
    12:16:46.579 Service Tablet2k C:\Windows\"%SystemRoot%\System32\Drivers\Tablet2k.sys" **LOCKED** 123
    12:16:47.281 Service TClass2k C:\Windows\"%SystemRoot%\System32\Drivers\TClass2k.sys" **LOCKED** 123
    12:16:48.451 Service UCTblHid C:\Windows\"%SystemRoot%\System32\Drivers\UCTblHid.sys" **LOCKED** 123
    12:16:52.897 Modules scanning
    12:16:59.059 Disk 0 trace - called modules:
    12:16:59.090 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    12:16:59.090 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e1e2d0]
    12:16:59.105 3 CLASSPNP.SYS[883a38b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84418028]
    12:17:01.399 AVAST engine scan C:\Windows
    12:17:06.734 AVAST engine scan C:\Windows\system32
    12:21:37.799 AVAST engine scan C:\Windows\system32\drivers
    12:22:03.742 AVAST engine scan C:\Users\kid
    12:28:44.912 AVAST engine scan C:\ProgramData
    12:30:47.559 Scan finished successfully
    12:31:01.646 Disk 0 MBR has been saved successfully to "C:\Users\kid\Documents\MBR.dat"
    12:31:01.646 The log file has been saved successfully to "C:\Users\kid\Documents\aswMBR.txt"
    12:32:15.862 Disk 0 MBR has been saved successfully to "C:\Users\kid\Desktop\MBR.dat"
    12:32:15.872 The log file has been saved successfully to "C:\Users\kid\Desktop\aswMBR.txt"
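    As an added example (not aswMBR's code and not part of this thread): decoding the on-disk partition table that produces lines like "Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9500 MB offset 2048" in the log above. The MBR image in the block is constructed to carry the three partitions the log reports, with a zero-filled boot-code area in place of real Vista code; the same parse_mbr() can be pointed at the MBR.dat that aswMBR saved to the Desktop.

```python
"""Decode a 512-byte MBR into the per-partition summary aswMBR prints.

Added example: not aswMBR's code and not from the thread. The sample MBR is
constructed to match the three partitions the posted log reports; its boot
code area is zero-filled rather than real Vista boot code.
"""
import struct

SECTOR = 512
PART_TABLE_OFF = 0x1BE          # four 16-byte entries start here
ENTRY_FMT = "<B3sB3sII"         # boot flag, CHS start, type, CHS end, LBA start, sector count
DISK_SECTORS = 238475 * 2048    # "Disk 0 ... Size: 238475MB" from the log, in 512-byte sectors

# Partition type bytes that appear in the posted log (subset of the standard table).
PART_TYPES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}


def build_partition_entry(boot, ptype, lba_start, sectors):
    """Pack one partition entry. CHS fields are set to the 0xFE/0xFF/0xFF
    'use LBA' marker and are ignored by parse_mbr()."""
    chs = b"\xfe\xff\xff"
    return struct.pack(ENTRY_FMT, boot, chs, ptype, chs, lba_start, sectors)


def build_sample_mbr():
    """Constructed MBR mirroring the aswMBR lines in the thread:
    sizes are MB * 2048 sectors, offsets are the logged LBA offsets."""
    table = b"".join([
        build_partition_entry(0x00, 0x27, 2048, 9500 * 2048),
        build_partition_entry(0x80, 0x07, 19458048, 1500 * 2048),
        build_partition_entry(0x00, 0x07, 22530048, 488394752 - 22530048),
        bytes(16),  # unused fourth slot
    ])
    return bytes(PART_TABLE_OFF) + table + b"\x55\xaa"


def parse_mbr(mbr):
    """Return (signature_ok, partitions) for a 512-byte MBR image.
    Each partition is a dict with the fields aswMBR reports plus lba_end."""
    if len(mbr) < SECTOR:
        raise ValueError("MBR image must be at least 512 bytes")
    signature_ok = mbr[510:512] == b"\x55\xaa"
    parts = []
    for idx in range(4):
        boot, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + idx * 16)
        if ptype == 0 and count == 0:
            continue                      # empty slot
        parts.append({
            "index": idx + 1,
            "active": boot == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
            "lba_end": lba + count,
        })
    return signature_ok, parts


def check_layout(parts, disk_sectors=DISK_SECTORS):
    """Sanity checks on the decoded table: exactly one active partition,
    no overlapping entries, nothing past the end of the disk.
    Returns a list of findings; an empty list means the table looks sane."""
    findings = []
    if sum(1 for p in parts if p["active"]) != 1:
        findings.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_end"] > b["lba_start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    for p in parts:
        if p["lba_end"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past the end of the disk")
    return findings


def summarize(mbr, disk_sectors=DISK_SECTORS):
    """Render the table in the same shape as aswMBR's 'Disk 0 Partition n' lines."""
    signature_ok, parts = parse_mbr(mbr)
    lines = ["MBR signature " + ("ok" if signature_ok else "MISSING")]
    for p in parts:
        flag = "80 (A)" if p["active"] else "00"
        lines.append(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} "
                     f"{p['size_mb']} MB offset {p['lba_start']}")
    lines += ["WARNING: " + f for f in check_layout(parts, disk_sectors)]
    return "\n".join(lines)


if __name__ == "__main__":
    # Replace build_sample_mbr() with open("MBR.dat", "rb").read() to decode the saved image.
    print(summarize(build_sample_mbr()))
```

    The decoded offsets chain exactly as the log shows (2048 + 9500 MB lands on 19458048, plus 1500 MB lands on 22530048, and the last partition ends at the 488394752 sectors aswMBR scanned), which is the kind of consistency check worth doing before trusting a "default MBR code" verdict; a table that does not chain, or a missing 55AA signature, is a reason to look harder at the boot sectors.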
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    One more time here...

    ComboFix Script

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  15. StevenM1988

    StevenM1988 TS Rookie Topic Starter

    Dragging the CFScript.txt file over the ComboFix file resulted in the 50 Stage recovery process once again. If the result is supposed to be different then I guess ComboFix isn't taking to the text file in the correct manner. Also upon rebooting the system I received a pop-up screen warning me that an illegal operation had been attempted on a registry key that was pending for deletion, C:\Windows\System32\GfxUI.exe (although I also receive the same warning if I attempt to open the ComboFix.txt file in C:\ without rebooting the system first - or in fact attempting any operation without rebooting the system first).

    Since the script doesn't seem to take for whatever reason, I decided to sort the process out manually and go into Control Panel\Java\Temporary Internet Files to clear the cache.

    ComboFix 12-07-30.01 - kid 01/08/2012 10:14:16.3.2 - x86
    Running from: c:\users\kid\Desktop\ComboFix.exe
    Command switches used :: c:\users\kid\Desktop\CFScript.txt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\erdnt\cache\userinit.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-01 09:24 . 2012-08-01 09:26 -------- dc----w- c:\users\kid\AppData\Local\temp
    2012-08-01 09:24 . 2012-08-01 09:24 -------- dc----w- c:\users\Default\AppData\Local\temp
    2012-08-01 09:24 . 2012-08-01 09:24 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-07-31 11:08 . 2012-07-16 01:41 6891424 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4AC90178-3F30-473C-B24A-0C62D80EF4B9}\mpengine.dll
    2012-07-30 20:47 . 2012-07-30 20:47 -------- dc----w- C:\FRST
    2012-07-30 11:05 . 2012-02-09 13:17 713784 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DEC67CD-05DD-4A99-95F9-2E112266CC31}\gapaengine.dll
    2012-07-30 11:02 . 2012-07-30 11:03 -------- dc----w- c:\program files\Microsoft Security Client
    2012-07-30 10:45 . 2012-07-30 10:45 12872 -c--a-w- c:\windows\system32\bootdelete.exe
    2012-07-30 10:34 . 2012-07-30 10:45 -------- dc----w- c:\programdata\HitmanPro
    2012-07-28 20:50 . 2012-07-28 20:50 -------- dcsh--w- c:\windows\system32\%APPDATA%
    2012-07-28 20:47 . 2012-07-28 20:48 -------- dc----w- c:\programdata\036DFF98000155700000EF632F3B707C
    2012-07-28 20:45 . 2012-07-30 10:28 -------- dc----w- c:\users\kid\AppData\Roaming\Naiwa
    2012-07-28 20:45 . 2012-07-28 20:49 -------- dc----w- c:\users\kid\AppData\Roaming\Yfanon
    2012-07-27 22:48 . 2012-07-27 22:48 -------- dc----w- c:\programdata\Sophos
    2012-07-27 13:57 . 2011-03-12 21:55 876032 -c--a-w- c:\windows\system32\XpsPrint.dll
    2012-07-27 13:57 . 2012-03-01 14:46 219648 -c--a-w- c:\windows\system32\d3d10_1core.dll
    2012-07-27 13:57 . 2012-02-29 14:08 1172480 -c--a-w- c:\windows\system32\d3d10warp.dll
    2012-07-27 13:57 . 2012-02-29 13:44 683008 -c--a-w- c:\windows\system32\d2d1.dll
    2012-07-27 13:57 . 2012-02-29 13:41 1069056 -c--a-w- c:\windows\system32\DWrite.dll
    2012-07-27 13:57 . 2012-03-01 14:46 160768 -c--a-w- c:\windows\system32\d3d10_1.dll
    2012-07-27 13:25 . 2012-07-27 13:25 -------- dc----w- c:\program files\Windows Portable Devices
    2012-07-27 13:07 . 2012-06-13 13:40 2047488 -c--a-w- c:\windows\system32\win32k.sys
    2012-07-27 13:06 . 2009-09-10 02:00 92672 -c--a-w- c:\windows\system32\UIAnimation.dll
    2012-07-27 13:06 . 2009-09-10 02:00 1164800 -c--a-w- c:\windows\system32\UIRibbonRes.dll
    2012-07-27 13:06 . 2009-09-10 02:01 3023360 -c--a-w- c:\windows\system32\UIRibbon.dll
    2012-07-27 12:49 . 2012-02-29 15:11 5120 -c--a-w- c:\windows\system32\wmi.dll
    2012-07-27 12:49 . 2012-02-29 15:11 172032 -c--a-w- c:\windows\system32\wintrust.dll
    2012-07-27 12:49 . 2012-02-29 15:09 157696 -c--a-w- c:\windows\system32\imagehlp.dll
    2012-07-27 12:49 . 2012-02-29 13:32 12800 -c--a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-07-27 12:34 . 2012-07-27 12:34 98816 ----a-w- c:\windows\system32\mfps.dll
    2012-07-27 12:32 . 2012-07-27 12:32 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2012-07-27 12:32 . 2012-07-27 12:32 519680 ----a-w- c:\windows\system32\d3d11.dll
    2012-07-27 12:32 . 2012-07-27 12:32 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2012-07-27 12:32 . 2012-07-27 12:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2012-07-27 12:32 . 2012-07-27 12:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2012-07-27 12:32 . 2012-07-27 12:32 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2012-07-27 12:32 . 2012-07-27 12:32 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2012-07-27 12:15 . 2010-10-19 04:27 7680 -c--a-w- c:\program files\Internet Explorer\iecompat.dll
    2012-07-27 12:14 . 2009-01-08 01:20 265720 -c--a-w- c:\program files\Internet Explorer\msdbg2.dll
    2012-07-27 12:14 . 2009-01-08 01:20 355832 -c--a-w- c:\program files\Internet Explorer\pdm.dll
    2012-07-27 11:54 . 2012-04-23 16:00 984064 -c--a-w- c:\windows\system32\crypt32.dll
    2012-07-27 11:54 . 2012-04-23 16:00 98304 -c--a-w- c:\windows\system32\cryptnet.dll
    2012-07-27 11:54 . 2012-04-23 16:00 133120 -c--a-w- c:\windows\system32\cryptsvc.dll
    2012-07-27 11:54 . 2011-10-14 16:03 189952 -c--a-w- c:\windows\system32\winmm.dll
    2012-07-27 11:54 . 2011-10-14 16:00 23552 -c--a-w- c:\windows\system32\mciseq.dll
    2012-07-27 11:53 . 2011-11-18 20:23 1205064 -c--a-w- c:\windows\system32\ntdll.dll
    2012-07-27 11:52 . 2011-08-03 02:50 96768 -c--a-w- c:\windows\system32\psisrndr.ax
    2012-07-27 11:52 . 2011-08-03 02:50 443392 -c--a-w- c:\windows\system32\psisdecd.dll
    2012-07-27 11:52 . 2011-08-03 02:49 151552 -c--a-w- c:\windows\system32\MSNP.ax
    2012-07-27 11:52 . 2011-10-14 16:02 429056 -c--a-w- c:\windows\system32\EncDec.dll
    2012-07-27 11:52 . 2011-08-03 02:49 57856 -c--a-w- c:\windows\system32\MSDvbNP.ax
    2012-07-27 11:52 . 2011-08-03 02:49 69632 -c--a-w- c:\windows\system32\Mpeg2Data.ax
    2012-07-27 11:52 . 2012-03-20 23:28 53120 -c--a-w- c:\windows\system32\drivers\partmgr.sys
    2012-07-27 11:52 . 2012-03-30 12:39 905600 -c--a-w- c:\windows\system32\drivers\tcpip.sys
    2012-07-27 11:51 . 2012-02-01 15:11 1218048 -c--a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-07-27 11:51 . 2012-02-01 15:10 964608 -c--a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-07-27 11:51 . 2012-02-01 15:10 1404928 -c--a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
    2012-07-27 11:51 . 2012-02-01 15:10 983040 -c--a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-07-27 11:51 . 2012-02-01 15:10 936960 -c--a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-07-27 11:51 . 2012-02-01 13:58 47104 -c--a-w- c:\program files\Windows Journal\PDIALOG.exe
    2012-07-27 11:51 . 2011-02-22 13:33 797696 -c--a-w- c:\windows\system32\FntCache.dll
    2012-07-27 11:51 . 2011-02-22 14:13 288768 -c--a-w- c:\windows\system32\XpsGdiConverter.dll
    2012-07-27 11:51 . 2011-11-18 17:47 66560 -c--a-w- c:\windows\system32\packager.dll
    2012-07-27 11:51 . 2011-11-25 15:59 376320 -c--a-w- c:\windows\system32\winsrv.dll
    2012-07-27 11:51 . 2011-12-14 16:17 680448 -c--a-w- c:\windows\system32\msvcrt.dll
    2012-07-27 11:50 . 2012-06-05 16:47 708608 -c--a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-27 11:50 . 2011-10-25 15:56 49152 -c--a-w- c:\windows\system32\csrsrv.dll
    2012-07-27 11:50 . 2011-10-25 15:58 1314816 -c--a-w- c:\windows\system32\quartz.dll
    2012-07-27 11:50 . 2011-10-25 15:58 497152 -c--a-w- c:\windows\system32\qdvd.dll
    2012-07-27 11:50 . 2011-11-16 16:23 377344 -c--a-w- c:\windows\system32\winhttp.dll
    2012-07-27 11:50 . 2011-11-08 14:42 2048 -c--a-w- c:\windows\system32\tzres.dll
    2012-07-27 11:49 . 2012-06-05 16:47 1401856 -c--a-w- c:\windows\system32\msxml6.dll
    2012-07-27 11:49 . 2012-06-05 16:47 1248768 -c--a-w- c:\windows\system32\msxml3.dll
    2012-07-27 11:49 . 2011-08-25 16:15 555520 -c--a-w- c:\windows\system32\UIAutomationCore.dll
    2012-07-27 11:49 . 2011-08-25 13:31 4096 -c--a-w- c:\windows\system32\oleaccrc.dll
    2012-07-27 11:49 . 2011-08-25 16:14 563712 -c--a-w- c:\windows\system32\oleaut32.dll
    2012-07-27 11:49 . 2011-08-25 16:14 238080 -c--a-w- c:\windows\system32\oleacc.dll
    2012-07-27 11:49 . 2012-03-01 11:01 2409784 -c--a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-07-27 11:49 . 2012-05-01 14:03 180736 -c--a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-27 11:49 . 2012-04-03 08:16 3550080 -c--a-w- c:\windows\system32\ntoskrnl.exe
    2012-07-27 11:49 . 2012-04-03 08:16 3602816 -c--a-w- c:\windows\system32\ntkrnlpa.exe
    2012-07-27 11:49 . 2011-09-30 15:57 707584 -c--a-w- c:\program files\Common Files\System\wab32.dll
    2012-07-27 11:47 . 2012-06-04 15:26 440704 -c--a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-27 11:47 . 2012-06-02 00:04 278528 -c--a-w- c:\windows\system32\schannel.dll
    2012-07-27 11:47 . 2012-06-02 00:03 204288 -c--a-w- c:\windows\system32\ncrypt.dll
    2012-07-27 11:47 . 2011-11-16 16:21 1259008 -c--a-w- c:\windows\system32\lsasrv.dll
    2012-07-27 11:47 . 2011-11-16 16:23 72704 -c--a-w- c:\windows\system32\secur32.dll
    2012-07-27 11:47 . 2011-11-16 14:12 9728 -c--a-w- c:\windows\system32\lsass.exe
    2012-07-27 11:47 . 2010-05-04 19:13 231424 -c--a-w- c:\windows\system32\msshsq.dll
    2012-07-27 11:28 . 2012-07-16 01:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6490718-8A83-4BB9-A6DF-E3897E8F5DCC}\mpengine.dll
    2012-07-27 11:26 . 2012-01-09 15:54 613376 -c--a-w- c:\windows\system32\rdpencom.dll
    2012-07-27 11:07 . 2012-06-02 22:19 53784 -c--a-w- c:\windows\system32\wuauclt.exe
    2012-07-27 11:07 . 2012-06-02 22:19 45080 -c--a-w- c:\windows\system32\wups2.dll
    2012-07-27 11:07 . 2012-06-02 22:12 2422272 -c--a-w- c:\windows\system32\wucltux.dll
    2012-07-27 11:07 . 2012-06-02 22:19 1933848 -c--a-w- c:\windows\system32\wuaueng.dll
    2012-07-27 11:07 . 2012-06-02 22:19 35864 -c--a-w- c:\windows\system32\wups.dll
    2012-07-27 11:07 . 2012-06-02 22:19 577048 -c--a-w- c:\windows\system32\wuapi.dll
    2012-07-27 11:07 . 2012-06-02 22:1288576-c--a-w-c:\windows\system32\wudriver.dll
    2012-07-27 11:07 . 2012-06-02 14:19171904-c--a-w-c:\windows\system32\wuwebv.dll
    2012-07-27 11:07 . 2012-06-02 14:1233792-c--a-w-c:\windows\system32\wuapp.exe
    2012-07-26 16:29 . 2012-07-26 16:30--------dc----w-c:\windows\system32\ca-ES
    2012-07-26 16:29 . 2012-07-26 16:30--------dc----w-c:\windows\system32\eu-ES
    2012-07-26 16:29 . 2012-07-26 16:30--------dc----w-c:\windows\system32\vi-VN
    2012-07-26 15:53 . 2012-07-28 14:11--------dc----w-c:\programdata\AVAST Software
    2012-07-26 15:53 . 2012-07-26 15:53--------dc----w-c:\program files\AVAST Software
    2012-07-26 15:52 . 2012-07-26 15:52--------dc----w-c:\windows\system32\EventProviders
    2012-07-26 14:35 . 2012-07-26 14:35--------dc----w-c:\windows\system32\sda
    2012-07-26 14:35 . 2000-01-01 00:00193640-c--a-w-c:\windows\system32\drivers\RtsUStor.sys
    2012-07-26 14:35 . 2000-01-01 00:009112168-c--a-w-c:\windows\system32\RtsUStoricon.dll
    2012-07-26 14:35 . 2000-01-01 00:00313960-c--a-w-c:\windows\system32\RtsUStor.dll
    2012-07-26 14:32 . 2009-02-11 16:11329752-c--a-w-c:\windows\system32\drivers\iaStor.sys
    2012-07-26 14:31 . 2012-07-26 14:31--------dc----w-c:\users\kid\AppData\Roaming\InstallShield
    2012-07-26 13:49 . 2012-07-26 13:50--------dc----w-c:\program files\Cisco
    2012-07-26 13:47 . 2000-01-01 00:00614400-c--a-w-c:\windows\Rtlihvs.dll
    2012-07-26 13:47 . 2000-01-01 00:00380928-c--a-w-c:\windows\RtlUI2.exe
    2012-07-26 13:47 . 2000-01-01 00:00188416-c--a-w-c:\windows\RTLExtUI.dll
    2012-07-26 13:46 . 2000-01-01 00:00614400-c--a-w-c:\windows\system32\Rtlihvs.dll
    2012-07-26 13:46 . 2000-01-01 00:00380928-c--a-w-c:\windows\system32\RtlUI2.exe
    2012-07-26 13:46 . 2000-01-01 00:00188416-c--a-w-c:\windows\system32\RTLExtUI.dll
    2012-07-26 13:46 . 2012-07-26 13:48--------dc----w-c:\program files\REALTEK RTL8187SE Wireless LAN Driver
    2012-07-26 13:46 . 2009-02-05 01:49451072-c--a-w-c:\windows\system32\ISSRemoveSP.exe
    2012-07-26 13:38 . 2000-01-01 00:0080488-c--a-w-c:\windows\system32\RtNicProp32.dll
    2012-07-26 13:38 . 2000-01-01 00:00363112-c--a-w-c:\windows\system32\drivers\Rtlh86.sys
    2012-07-26 13:38 . 2000-01-01 00:00100896-c--a-w-c:\windows\system32\RTNUninst32.dll
    2012-07-26 13:26 . 2000-01-01 00:0086528-c--a-w-c:\windows\system32\igfxrfra.lrc
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 18:38 . 2012-05-13 12:51 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-27 18:38 . 2012-03-25 12:34 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-27 12:32 . 2012-07-27 12:32 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
    2012-07-03 12:46 . 2010-05-12 22:55 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-31 11:25 . 2009-10-03 13:18 237072 -c----w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 12:51 3911776 -c--a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WTClient"="WTClient.exe" [2007-04-11 40960]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 171288]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 172824]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 6281760]
    "Skytel"="Skytel.exe" [2008-09-09 1833504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launch.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launch.lnk
    backup=c:\windows\pss\Launch.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^kid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\kid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-11 21:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
    2008-08-06 10:30 20480 -c--a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
    2012-03-26 16:08 931200 -c--a-w- c:\program files\Microsoft Security Client\msseces.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-09-09 18:32 6281760 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-05-03 07:36 17355912 -c--a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpareMessaging]
    2007-11-28 16:43 42824 ----a-w- c:\program files\Spare Messaging\MessagingApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2012-05-09 15:51 1242448 -c--a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-17 10:07 252296 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk]
    2007-10-12 09:33 202016 -c--a-w- c:\program files\TalkTalk\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirage]
    2010-01-25 17:11 136488 ------w- c:\program files\CyberLink\YouCam\YCMMirage.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray]
    2010-01-25 17:11 224352 ------w- c:\program files\CyberLink\YouCam\YouCam.exe
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 18:38]
    .
    2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 14:50]
    .
    2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 14:50]
    .
    2012-08-01 c:\windows\Tasks\SlimDrivers Startup.job
    - c:\program files\SlimDrivers\SlimDrivers.exe [2012-07-18 14:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-01 10:26
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\OEM\OSD_2.4\OsdService.exe
    c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    c:\program files\TalkTalk\bin\sprtsvc.exe
    c:\program files\Common Files\Supportsoft\bin\tgsrvc.exe
    c:\windows\System32\Drivers\WTSRV.EXE
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\windows\system32\WTClient.exe
    c:\program files\Spybot - Search & Destroy\SDWinSec.exe
    c:\windows\system32\igfxsrvc.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-08-01 10:33:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-01 09:33
    ComboFix2.txt 2012-07-31 10:57
    ComboFix3.txt 2012-07-30 20:16
    .
    Pre-Run: 181,555,298,304 bytes free
    Post-Run: 181,688,320,000 bytes free
    .
    - - End Of File - - 59924A7C7DC5FA121241FD4A5EB05C39
     
  16. StevenM1988

    StevenM1988 TS Rookie Topic Starter

    I also ran the ESET online scanner which claimed to quarantine four items, including the trojan. However the log.txt is a lot smaller than I expected. This isn't supposed to be the result, is it?

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK

    EDIT: Yeah, the scan apparently finished at 11:36 if the Quarantine folder's "Date modified" time is to be believed, but the text file claims it was created/modified/accessed at 10:47. I'm not sure why it didn't update the file.
     
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    That's okay. You did it all correctly.

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  18. StevenM1988

    StevenM1988 TS Rookie Topic Starter

    I'm not receiving any error messages when opening files and there are no fake antivirus popups. MSE runs fine in terms of scanning, but it refuses to download any updates. Windows Update also checks for updates but refuses to download them. In MSE the error code given is 0x80240022, in Windows Update the error code given is 80246008. The most common solutions for both these errors are to check Services.msc where I would restart Automatic Updates and Background Intelligent Transfer Services or BITS. However both entries are missing from Services.msc and MSConfig and I can't find out where to restore/reinstall/reconfigure them.
     
  19. StevenM1988

    StevenM1988 TS Rookie Topic Starter

    I should probably also note that other services like Malwarebytes and Spybot are able to download and install updates just fine, so it's not a widespread problem across the board, just with MSE and Windows Updates.
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

  21. StevenM1988

    StevenM1988 TS Rookie Topic Starter

    Typing in either (%windir%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\inf\au.inf) or (%windir%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\inf\qmgr.inf) resulted in a small pop-up window saying "Installation Failed". Running both commands in Start>Run initially failed to work, so I attempted the same using the computer's hidden Admin account. Through executing the Automatic Updates process I found the au.inf file necessary for installation was missing, so I had to download a copy of that for the System32 folder. This resulted in an installation process revealing several other missing files such as wuauclt1.exe and wuaucpl.cpl, so I decided to try installing Windows Update Agent which would download the files en masse. Didn't work. Ended up having to download new instances of au.inf, wucltui.dll, wuauclt1.exe, wuaucpl.cpl, wuaueng1.dll, wuauserv.dll, wuweb.dll (all for Automatic Updates) and qmgr.inf (for BITS).

    Background Intelligent Transfer Service was restored in Services.msc, but Automatic Updates wasn't (what a surprise). To remedy this I tried following the procedure on this page. Automatic Updates still hasn't appeared on Services.msc or MSConfig. Restarted the system and both MSE updates and Windows Updates seem to be working fine again.

    I'll keep you informed if there are any further mishaps in the next few days, otherwise I'm considering it a job well done. Thank you for the help so far!
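    The post above rebuilt the Windows Update and BITS services by hand after the infection removed them. As an added example (not from this thread or from any of the tools it mentions), the script below audits that plumbing after cleanup: it checks whether each service is still registered, what state and start type it has, whether its ServiceDll points at a file that exists, and whether the two INF files the poster had to restore (au.inf and qmgr.inf) are present. The service names wuauserv and BITS and the INF paths are assumptions; it only reports and changes nothing.

```powershell
# Added example, not part of the thread. Works on PowerShell 2.0 (Vista era),
# which is why New-Object PSObject is used instead of [pscustomobject].
# Assumed service names: wuauserv = Windows Update / Automatic Updates, BITS.
$services = @{
    'wuauserv' = 'Windows Update / Automatic Updates'
    'BITS'     = 'Background Intelligent Transfer Service'
}
# Assumed INF paths: the files the poster had to restore before rundll32 setupapi would install.
$infFiles = @("$env:windir\inf\au.inf", "$env:windir\inf\qmgr.inf")

function Test-UpdateServiceHealth {
    foreach ($name in $services.Keys) {
        $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $svc    = Get-Service -Name $name -ErrorAction SilentlyContinue
        $props  = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue
        # Both services run inside svchost and locate their code via Parameters\ServiceDll.
        # A missing key, a missing DLL, or a DLL outside %windir% is the thing to look at.
        $params = Get-ItemProperty -Path "$svcKey\Parameters" -ErrorAction SilentlyContinue
        $dll    = $null
        if ($params -and $params.ServiceDll) {
            $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
        }
        New-Object -TypeName PSObject -Property @{
            Service     = $name
            Description = $services[$name]
            Registered  = [bool]$props                     # registry key present at all?
            State       = $(if ($svc) { $svc.Status } else { 'MISSING' })
            StartType   = $(if ($props) { $props.Start } else { $null })   # 2=auto 3=manual 4=disabled
            ServiceDll  = $dll
            DllPresent  = $(if ($dll) { Test-Path -Path $dll } else { $false })
            DllInWindir = $(if ($dll) { $dll -like "$env:windir\*" } else { $false })
        }
    }
}

function Test-UpdateInfFiles {
    foreach ($inf in $infFiles) {
        New-Object -TypeName PSObject -Property @{
            Path    = $inf
            Present = (Test-Path -Path $inf)
        }
    }
}

Test-UpdateServiceHealth | Format-Table Service, Registered, State, StartType, DllPresent, DllInWindir, ServiceDll -AutoSize
Test-UpdateInfFiles      | Format-Table Path, Present -AutoSize
```

    A service that is Registered but MISSING from Get-Service, or whose ServiceDll is absent or sits outside %windir%, is the same symptom the poster saw in Services.msc and is worth checking on every host cleaned of this family.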
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    You're welcome. Just let me know what occurs.
     
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
     
  24. StevenM1988

    StevenM1988 TS Rookie Topic Starter

    Computer is running fine, no problems. However the mother became concerned and bought a new laptop anyway... then promptly returned it for another new one a few days later. Said something about a slow-running internet browser although it had the latest anti-virus running. I blame Internet Explorer.

    Thanks for all your help, you've been a wonderful resource during all this mess.
     
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Topic marked solved. √
     
Topic Status:
Not open for further replies.
