may have been hacked???

Status
Not open for further replies.

cp0020

OK, so I had Google Chrome running and in the taskbar. I hadn't used it in like 10 minutes. I stepped away, and when I came back it said "Google Chrome has stopped working". I clicked OK and it said "checking for a solution", and then a box popped up that said "sick my d**ck mother fu**er". Above it, it said "you are rocker", which is my PSN name. It said "sick", not "suck", I guess a typo? I'm kind of freaking out now lol, what the heck is going on?

I started to freak out: after I ran the program and it did its thing and rebooted the PC and gave me a log file, nothing would open, it kept giving me an error. I restarted the PC and it all worked.... whew!!!!! lol. But here is the log. It wouldn't let me upload the .txt, so I had to zip it up.
 

Attachments

  • log.zip (10.2 KB)

Here is the log so you won't have to download the file.

ComboFix 11-08-06.02 - chris 08/06/2011 14:01:15.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.1.1252.1.1033.18.8191.6535 [GMT -4:00]
Running from: c:\users\chris\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\chris\AppData\Local\TempDIR
c:\users\chris\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\chris\AppData\Roaming\chrislog.dat
c:\users\chris\AppData\Roaming\chrtmp
c:\users\chris\AppData\Roaming\FILE_21583.exe
c:\users\chris\AppData\Roaming\FILE_22394.exe
c:\users\chris\AppData\Roaming\FILE_25313.exe
c:\users\chris\AppData\Roaming\FILE_27280.exe
c:\users\chris\AppData\Roaming\FILE_28702.exe
c:\users\chris\AppData\Roaming\FILE_35966.exe
c:\users\chris\AppData\Roaming\FILE_42105.exe
c:\users\chris\AppData\Roaming\FILE_4768.exe
c:\users\chris\AppData\Roaming\FILE_55130.exe
c:\users\chris\AppData\Roaming\FILE_62524.exe
c:\users\chris\AppData\Roaming\FILE_69372.exe
c:\users\chris\AppData\Roaming\FILE_69821.exe
c:\users\chris\AppData\Roaming\FILE_78886.exe
c:\users\chris\AppData\Roaming\FILE_80395.exe
c:\users\chris\AppData\Roaming\FILE_88233.exe
c:\users\chris\AppData\Roaming\FILE_93235.exe
c:\users\chris\AppData\Roaming\FILE_94187.exe
c:\users\chris\AppData\Roaming\FILE_95013.exe
c:\users\chris\AppData\Roaming\FILE_95509.exe
c:\users\chris\AppData\Roaming\FILE_980.exe
c:\users\chris\AppData\Roaming\inid.exe
c:\users\chris\AppData\Roaming\lovely.ini
c:\users\chris\AppData\Roaming\megui.exe.exe
c:\users\chris\AppData\Roaming\Microsoft\Protect\Credentials\audiodgi.exe
c:\users\chris\AppData\Roaming\Microsoft\Protect\Credentials\wmpmetwk.exe
c:\users\chris\AppData\Roaming\net.bat
c:\users\chris\AppData\Roaming\net.vbs
c:\users\chris\AppData\Roaming\svchoshthht.exe
c:\users\chris\AppData\Roaming\system.exe.exe
c:\users\chris\AppData\Roaming\windows.exe.exe
c:\users\chris\AppData\Roaming\zzbrenkzz.exe
c:\windows\123.exe
c:\windows\SysWow64\windows
c:\windows\SysWow64\windows\Svchost.exe
c:\windows\usgwmt
c:\windows\usgwmt\BReWErS.dll
.
Infected copy of c:\windows\System32\winver.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
.
.
2011-08-06 18:05 . 2011-08-06 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-06 18:05 . 2011-08-06 18:05 -------- d-----w- c:\users\amanda\AppData\Local\temp
2011-08-06 15:52 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FE1B027-1759-48D6-B519-B86F236CBE31}\mpengine.dll
2011-08-05 15:22 . 2011-08-05 15:31 -------- d-----w- c:\users\chris\.android
2011-08-05 15:21 . 2011-08-05 15:21 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-05 15:20 . 2011-08-05 15:21 -------- d-----w- c:\program files\Java
2011-08-04 02:41 . 2011-08-04 02:41 143360 ----a-w- c:\windows\SysWow64\UAService7.exe
2011-08-04 02:27 . 2011-08-04 02:27 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-08-04 02:16 . 2011-08-04 02:16 -------- d-----w- c:\program files (x86)\2K Games
2011-08-02 21:20 . 2011-08-02 21:21 -------- d-----w- c:\program files (x86)\LIMBO
2011-08-02 16:16 . 2011-08-02 16:16 -------- d-----w- c:\program files (x86)\WB Games
2011-08-02 15:11 . 2011-08-02 15:12 -------- d-----w- c:\program files (x86)\Microsoft Expression
2011-08-02 14:53 . 2011-08-02 14:53 -------- d-----w- c:\program files (x86)\WPF Toolkit
2011-08-02 14:52 . 2011-08-02 15:09 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2011-08-02 14:52 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-08-02 14:25 . 2011-08-02 14:25 -------- d-----w- c:\programdata\WeGame
2011-08-02 13:37 . 2011-08-02 13:37 -------- d-----w- c:\users\chris\AppData\Local\3DMGAME
2011-08-02 13:11 . 2011-08-02 13:11 -------- d-----w- c:\windows\en
2011-08-02 13:09 . 2011-08-02 13:09 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-08-02 13:08 . 2011-08-02 13:09 -------- d-----w- c:\program files (x86)\Windows Live
2011-08-02 13:08 . 2011-08-02 13:08 -------- d-----w- c:\windows\PCHEALTH
2011-08-02 13:05 . 2011-08-02 13:05 -------- d-----w- c:\users\chris\AppData\Local\Windows Live
2011-08-02 13:04 . 2011-08-02 13:04 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-08-02 13:01 . 2005-06-15 07:00 102400 ----a-w- c:\windows\SysWow64\tsccvid.dll
2011-08-02 12:46 . 2008-09-30 23:35 65536 ----a-w- c:\windows\system32\camcodec.dll
2011-08-01 22:55 . 2011-08-01 23:31 -------- d-----w- c:\users\chris\AppData\Roaming\Broad Intelligence
2011-08-01 14:47 . 2011-08-01 14:47 -------- d-----w- c:\users\chris\AppData\Roaming\PDAppFlex
2011-08-01 14:34 . 2011-08-01 14:34 -------- d-----w- c:\program files (x86)\Winstep
2011-08-01 14:34 . 2008-02-05 19:36 798208 ----a-w- c:\windows\SysWow64\NextControls.ocx
2011-08-01 14:34 . 2000-05-22 21:58 608448 ----a-w- c:\windows\SysWow64\comctl32.ocx
2011-08-01 14:34 . 1997-07-19 20:55 1347344 ----a-w- c:\windows\SysWow64\msvbvm50.dll
2011-08-01 14:34 . 2011-08-01 14:34 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-08-01 14:32 . 2011-08-01 18:36 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-01 14:06 . 2011-08-01 14:46 -------- d-----w- c:\users\chris\Adobe After Effects CS5.5
2011-08-01 14:05 . 2011-08-01 14:05 -------- d-----w- c:\users\chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-08-01 01:59 . 2011-08-01 04:13 -------- d-----w- c:\program files (x86)\Rockstar Games
2011-08-01 01:25 . 2011-08-01 01:25 -------- d-----w- c:\users\chris\AppData\Roaming\vlc
2011-08-01 01:25 . 2011-08-01 01:25 -------- d-----w- c:\program files (x86)\VideoLAN
2011-07-31 16:39 . 2011-07-31 16:40 -------- d-----w- c:\programdata\Solidshield
2011-07-31 15:47 . 2011-07-31 15:47 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-07-30 21:05 . 2011-07-30 21:35 -------- d-----w- c:\users\chris\AppData\Local\Dxtory Software
2011-07-30 19:33 . 2011-08-02 14:32 -------- d-----w- c:\users\chris\AppData\Local\WeGame
2011-07-30 19:33 . 2009-04-07 22:43 488800 ----a-w- c:\windows\SysWow64\Ltkrn15u.dll
2011-07-30 19:33 . 2009-04-07 22:43 185688 ----a-w- c:\windows\SysWow64\Ltfil15u.dll
2011-07-30 05:32 . 2011-07-30 20:07 -------- d-----w- c:\users\chris\AppData\Local\GameSpy
2011-07-30 05:31 . 2011-07-30 20:07 -------- d-----w- c:\users\chris\AppData\Local\ApplicationHistory
2011-07-29 23:52 . 2011-07-29 23:52 -------- d-----w- c:\users\chris\AppData\Roaming\Publish Providers
2011-07-29 23:50 . 2011-07-29 23:50 -------- d-----w- c:\users\chris\AppData\Local\Sony
2011-07-29 23:49 . 2011-07-29 23:49 -------- d-----w- c:\programdata\Sony
2011-07-29 23:48 . 2011-08-02 00:24 -------- d-----w- c:\users\chris\AppData\Roaming\Sony
2011-07-29 22:33 . 2011-07-29 22:33 -------- d-----w- c:\users\chris\AppData\Local\IsolatedStorage
2011-07-29 20:09 . 2011-07-29 20:09 -------- d-----w- c:\users\chris\AppData\Local\BF3
2011-07-29 20:09 . 2011-07-29 20:09 -------- d-----w- c:\users\chris\AppData\Local\VeniceAlphaTrial
2011-07-29 20:08 . 2011-08-02 12:34 -------- d-----w- c:\program files (x86)\BF3 Alpha Trial Web Plugins
2011-07-29 20:03 . 2011-08-05 12:30 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-07-29 19:23 . 2011-07-29 19:23 -------- d-----w- c:\users\chris\AppData\Roaming\Origin
2011-07-29 19:23 . 2011-07-29 19:23 -------- d-----w- c:\users\chris\AppData\Local\Origin
2011-07-29 19:23 . 2011-07-31 03:15 -------- d-----w- c:\program files (x86)\Origin Games
2011-07-29 19:23 . 2011-07-29 20:05 -------- d-----w- c:\programdata\Origin
2011-07-29 19:22 . 2011-07-29 19:23 -------- d-----w- c:\program files (x86)\Origin
2011-07-29 15:23 . 2011-07-29 15:24 -------- d-----w- c:\program files (x86)\Natural Mod
2011-07-29 13:05 . 2011-07-29 13:05 -------- d-----w- c:\windows\SysWow64\URTTEMP
2011-07-28 20:55 . 2011-07-28 20:55 -------- d-----w- c:\programdata\ATI
2011-07-28 20:55 . 2011-07-28 20:55 -------- d-----w- c:\program files (x86)\AMD APP
2011-07-28 17:06 . 2011-07-28 17:06 -------- d--h--r- c:\users\chris\AppData\Roaming\SecuROM
2011-07-27 23:56 . 2011-03-25 22:03 17128 ----a-w- c:\windows\system32\roboot64.exe
2011-07-27 23:56 . 2011-03-25 09:35 1467200 ----a-w- c:\windows\SysWow64\msvcr100d.dll
2011-07-27 13:28 . 2011-07-29 20:05 -------- d-----w- c:\programdata\Electronic Arts
2011-07-27 13:28 . 2011-07-27 13:28 -------- d-----w- c:\programdata\EA Core
2011-07-25 16:22 . 2011-07-25 16:22 -------- d-----w- c:\program files (x86)\Common Files\Ahead
2011-07-25 16:11 . 2011-07-25 16:11 -------- d-----w- c:\windows\.jagex_cache_32
2011-07-24 14:32 . 2011-07-29 13:00 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-07-24 04:10 . 2011-07-24 04:12 -------- d-----w- C:\Root
2011-07-24 04:10 . 2011-07-24 04:10 -------- d-----w- c:\program files (x86)\Activision
2011-07-24 04:09 . 2011-07-24 04:09 -------- d-sh--w- c:\windows\ftpcache
2011-07-23 18:56 . 2011-07-23 19:05 -------- d-----w- c:\program files (x86)\RocketDock
2011-07-22 12:46 . 2011-07-22 12:46 -------- d-----w- c:\users\chris\AppData\Local\uTorrent
2011-07-22 09:58 . 2011-08-01 04:13 -------- d-----w- c:\users\chris\AppData\Local\Rockstar Games
2011-07-22 09:47 . 2011-07-22 09:47 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-07-22 02:42 . 2011-07-22 02:42 -------- d-sh--w- c:\programdata\DSS
2011-07-22 02:26 . 2011-07-22 02:26 -------- d-----w- c:\users\chris\AppData\Local\bluesoleil
2011-07-22 02:22 . 2011-07-22 02:22 -------- d-----w- c:\program files (x86)\IVT Corporation
2011-07-22 01:57 . 2011-08-01 02:14 -------- d-----w- c:\program files (x86)\Steam
2011-07-21 16:37 . 2011-07-21 16:37 -------- d-----w- c:\program files (x86)\somototoolbar
2011-07-21 16:35 . 2010-11-20 12:20 1750528 ----a-w- c:\windows\SysWow64\pnidui.dll
2011-07-21 16:35 . 2010-11-20 12:20 186368 ----a-w- c:\windows\SysWow64\mydocs.dll
2011-07-21 14:10 . 2010-11-20 12:21 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.backup
2011-07-21 14:10 . 2011-07-21 16:35 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.tmp
2011-07-21 14:10 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2011-07-21 14:10 . 2010-11-20 13:27 2851840 ----a-w- c:\windows\system32\themeui.dll.backup
2011-07-21 14:10 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-07-21 14:10 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-07-21 14:10 . 2011-07-21 15:53 -------- d--h--w- c:\windows\Lion Skin Pack
2011-07-18 12:27 . 2011-07-18 12:27 -------- d-----w- c:\users\chris\AppData\Local\4A Games
2011-07-18 12:03 . 2011-07-20 17:01 -------- d-----w- c:\program files (x86)\METRO 2033
2011-07-17 14:35 . 2011-07-17 14:35 -------- d-sh--w- c:\programdata\SecuROM
2011-07-16 16:21 . 2011-07-16 16:21 -------- d-----w- c:\users\chris\AppData\Roaming\Unity
2011-07-16 16:20 . 2011-07-24 17:29 -------- d-----w- c:\users\chris\AppData\Local\Unity
2011-07-16 03:49 . 2010-07-27 17:14 1241952 ----a-w- c:\windows\system32\drivers\netr28ux.sys
2011-07-15 19:48 . 2011-07-15 19:50 -------- d-----w- c:\users\chris\AppData\Roaming\Folding@home-x86
2011-07-14 16:35 . 2011-07-14 16:35 -------- d-----w- c:\users\amanda\AppData\Roaming\Ahead
2011-07-14 16:32 . 2011-07-14 16:32 -------- d-----w- c:\windows\system32\User
2011-07-14 00:43 . 2011-07-14 00:43 -------- d-----w- c:\users\chris\AppData\Local\Sprint
2011-07-14 00:37 . 2008-10-15 15:58 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
2011-07-14 00:36 . 2008-10-15 15:58 28808 ----a-w- c:\windows\system32\drivers\swmsflt.sys
2011-07-14 00:36 . 2011-07-14 00:36 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-07-14 00:36 . 2007-01-18 19:10 30336 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2011-07-14 00:34 . 2011-07-14 00:34 -------- d-----w- c:\users\chris\AppData\Roaming\Sierra Wireless
2011-07-14 00:34 . 2011-07-14 00:34 -------- d-----w- c:\program files (x86)\Sierra Wireless Inc
2011-07-13 11:33 . 2011-08-02 19:24 -------- d-----w- c:\users\chris\AppData\Local\SKIDROW
2011-07-13 11:17 . 2011-08-04 02:27 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-07-13 11:00 . 2011-07-24 04:20 -------- d-----w- c:\program files (x86)\THQ
2011-07-11 02:42 . 2011-07-11 02:42 -------- d-----w- c:\users\chris\AppData\Local\storage
2011-07-11 02:42 . 2011-07-11 02:42 -------- d-----w- c:\programdata\Ubisoft
2011-07-11 02:33 . 2011-07-25 03:26 -------- d-----w- c:\program files (x86)\Ubisoft
2011-07-08 12:50 . 2011-07-31 04:00 -------- d-----w- c:\programdata\Codemasters
2011-07-08 12:46 . 2011-07-08 12:46 -------- d-----w- c:\windows\SysWow64\xlive
2011-07-08 12:46 . 2011-07-08 12:46 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-07-08 12:44 . 2011-07-08 12:44 -------- d-----w- c:\program files (x86)\BRS
2011-07-08 12:44 . 2011-03-19 19:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2011-07-08 12:44 . 2010-09-22 17:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2011-07-08 12:44 . 2011-07-08 12:44 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-08 12:44 . 2011-07-08 12:44 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-07-08 12:44 . 2011-07-08 12:44 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-07-08 12:44 . 2011-07-08 12:44 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 13:08 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-21 14:10 . 2011-01-25 08:22 2851840 ----a-w- c:\windows\system32\themeui.dll
2011-07-21 14:10 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-07-21 14:10 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-07-18 00:45 . 2011-06-23 16:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-08 03:28 . 2011-05-25 03:06 814592 ----a-w- c:\windows\system32\aticfx64.dll
2011-07-08 03:10 . 2011-05-25 02:49 5072896 ----a-w- c:\windows\system32\atidxx64.dll
2011-07-08 02:54 . 2011-04-20 08:27 58880 ----a-w- c:\windows\system32\coinst.dll
2011-07-08 02:46 . 2011-05-25 02:24 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-07-08 02:46 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-06-30 01:44 . 2011-06-30 01:44 90784 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2011-06-30 01:44 . 2011-06-30 01:44 109216 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2011-06-27 20:23 . 2011-06-27 20:23 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-06-27 20:22 . 2011-06-27 20:22 13904896 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-06-24 12:58 . 2011-06-24 13:00 4231369 ----a-w- C:\BIOSTAR_FLASH_1933.zip
2011-06-21 02:38 . 2011-06-21 02:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-06-21 02:37 . 2011-06-21 02:37 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-06-21 02:37 . 2011-06-21 02:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-06-21 02:37 . 2011-06-21 02:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-20 21:22 . 2011-06-20 21:22 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-20 21:18 . 2011-06-20 21:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-16 07:34 . 2011-06-16 07:34 2971648 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-16 07:34 . 2011-06-16 07:34 105984 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-11 03:07 . 2011-01-25 04:22 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 06:57 . 2011-01-25 04:22 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-06-03 06:57 . 2011-01-25 04:22 243200 ----a-w- c:\windows\system32\wow64.dll
2011-06-03 06:57 . 2011-01-25 04:22 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-06-03 06:57 . 2011-01-25 04:22 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 06:57 . 2011-01-25 04:22 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-06-03 06:56 . 2011-01-25 04:22 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 06:53 . 2011-01-25 04:22 338944 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 06:44 . 2011-01-25 04:22 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-06-03 06:44 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-06-03 06:00 . 2011-01-25 04:22 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-06-03 05:57 . 2011-01-25 04:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-03 05:57 . 2011-01-25 04:22 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-06-03 05:56 . 2011-01-25 04:22 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-06-03 05:56 . 2011-01-25 04:22 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-06-03 05:47 . 2011-01-25 04:22 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-06-03 05:47 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-06-03 03:53 . 2011-01-25 04:22 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-06-03 03:53 . 2011-01-25 04:22 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-06-03 03:48 . 2011-01-25 04:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48 . 2011-01-25 04:22 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48 . 2011-01-25 04:22 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48 . 2011-01-25 04:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 12:56 . 2011-05-28 12:56 71680 ----a-w- c:\windows\system32\frapsv64.dll
2011-05-28 12:56 . 2011-05-28 12:56 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-05-25 06:44 . 2011-05-25 06:44 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:44 . 2011-05-25 06:44 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-05-24 23:14 . 2011-06-20 21:26 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 10:18 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-11-20 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[7] 2011-04-09 . D60D9BCEAE5870A67E6C167F4681877B . 5562240 . . [6.1.7601.17592] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe
[7] 2011-04-09 . 240D89BBE5BCD168D748D6C12B6FE884 . 5475712 . . [6.1.7600.20941] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_c8d63818e6d4d57c\ntoskrnl.exe
[7] 2011-04-09 . 99C2715F138E7ED2F489AB796DD3B53C . 5562240 . . [6.1.7601.21701] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe
[7] 2011-04-09 . E03A9AC0273182895DCB3693A36785C9 . 5509504 . . [6.1.7600.16792] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_c8178a15cddedd97\ntoskrnl.exe
[-] 2011-04-09 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ntoskrnl.exe
[7] 2010-11-20 . C6CEC3E6CC9842B73501C70AA64C00FE . 5563776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe
[7] 2010-11-11 . 28C4FE45FC1B176FA74A48FB15DE7C9A . 5507968 . . [6.1.7600.16617] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_c8730901cd997f9b\ntoskrnl.exe
[7] 2010-11-11 . 5223C216E348E397C5EACCBEFB57FFF2 . 5474184 . . [6.1.7600.20738] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_c8e8063ee6c6709e\ntoskrnl.exe
[7] 2010-10-27 . E6FC5686F6BB6F0CEB1107E6D064A944 . 5477248 . . [6.1.7600.20826] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe
[7] 2010-10-27 . E2EA143288BFF3D6B3AEB88C3BC02DAF . 5510528 . . [6.1.7600.16695] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe
[7] 2009-07-14 . 9E722B768E33D26AD8FA7D642E707443 . 5511248 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[-] 2011-04-09 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\system32\ntoskrnl.exe
.
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[-] 2010-11-20 . 0A8910F85D554ADB5C7F5B157FEE8622 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[-] 2011-02-25 . C7D1FD89BD4C9AF11917049E5F15E31D . 2822656 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2010-11-11 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2010-11-11 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2010-11-11 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2010-11-11 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
[7] 2011-04-22 . 64EFAF916C4009F1B84153D0BB491FB0 . 673040 . . [8.00.7600.16800] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_1a0bc6f6729d1c7b\iexplore.exe
[7] 2011-04-22 . F94877A94996B3C12BB31AD722840457 . 673040 . . [8.00.7600.20949] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_1a7326ab8bd31018\iexplore.exe
[7] 2011-01-25 . 904E13BA41AF2E353A32CF351CA53639 . 748336 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[7] 2010-11-20 . C613E69C3B191BB02C7A191741A1D024 . 673040 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[7] 2010-11-11 . 61EDBCE47ADF3E52AB0B9F49EE4AEBB8 . 673040 . . [8.00.7600.16671] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_19c1140072d4ff1b\iexplore.exe
[7] 2010-11-11 . 14803EA3E5DD7CB37CB446C74CFDA38F . 673040 . . [8.00.7600.20795] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_1a39121b8bff3c23\iexplore.exe
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
.
[7] 2011-04-09 . D60D9BCEAE5870A67E6C167F4681877B . 5562240 . . [6.1.7601.17592] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe
[7] 2011-04-09 . 240D89BBE5BCD168D748D6C12B6FE884 . 5475712 . . [6.1.7600.20941] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_c8d63818e6d4d57c\ntoskrnl.exe
[7] 2011-04-09 . 99C2715F138E7ED2F489AB796DD3B53C . 5562240 . . [6.1.7601.21701] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe
[7] 2011-04-09 . E03A9AC0273182895DCB3693A36785C9 . 5509504 . . [6.1.7600.16792] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_c8178a15cddedd97\ntoskrnl.exe
[-] 2011-04-09 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ntoskrnl.exe
[7] 2010-11-20 . C6CEC3E6CC9842B73501C70AA64C00FE . 5563776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe
[7] 2010-11-11 . 28C4FE45FC1B176FA74A48FB15DE7C9A . 5507968 . . [6.1.7600.16617] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_c8730901cd997f9b\ntoskrnl.exe
[7] 2010-11-11 . 5223C216E348E397C5EACCBEFB57FFF2 . 5474184 . . [6.1.7600.20738] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_c8e8063ee6c6709e\ntoskrnl.exe
[7] 2010-10-27 . E6FC5686F6BB6F0CEB1107E6D064A944 . 5477248 . . [6.1.7600.20826] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe
[7] 2010-10-27 . E2EA143288BFF3D6B3AEB88C3BC02DAF . 5510528 . . [6.1.7600.16695] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe
[7] 2009-07-14 . 9E722B768E33D26AD8FA7D642E707443 . 5511248 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[-] 2011-04-09 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 20:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{652853ad-5592-4231-88c6-706613a52e61}]
2011-06-24 12:31 81920 ----a-w- c:\program files (x86)\somototoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 20:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{652853ad-5592-4231-88c6-706613a52e61}"= "c:\program files (x86)\somototoolbar\vmntemplateX.dll" [2011-06-24 81920]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{652853ad-5592-4231-88c6-706613a52e61}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft? Windows? Operating System"="c:\users\chris\AppData\Roaming\Microsoft\Protect\Credentials\audiodgi.exe" [?]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Nexus"="c:\program files (x86)\Winstep\Nexus.exe" [2011-07-06 13283456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"BtTray"="c:\program files (x86)\IVT Corporation\BlueSoleil\BtTray.exe" [2009-09-02 315478]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\Ubuntu Skin Pack\RocketDock\RocketDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GPUTool;GPUTool;c:\users\chris\AppData\Local\Temp\GPUTool.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-06-10 14136]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-08 365568]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-01-05 46592]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\Winstep\WsxService [x]
S3 ALSysIO;ALSysIO;c:\users\chris\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
S3 netr28ux;%Generic.Service.DispName%;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1603361053-3026612082-3934202709-1000Core.job
- c:\users\chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-21 11:52]
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1603361053-3026612082-3934202709-1000UA.job
- c:\users\chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-21 11:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 67.159.52.76:8080
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-÷0HŸ¼Ÿ - c:\users\chris\AppData\Roaming\system.exe.exe
Wow6432Node-HKCU-Run-ð:L˜¶ - c:\users\chris\AppData\Roaming\megui.exe.exe
Wow6432Node-HKLM-Run-÷0HŸ¼Ÿ - c:\users\chris\AppData\Roaming\system.exe.exe
Wow6432Node-HKLM-Run-ð:L˜¶ - c:\users\chris\AppData\Roaming\megui.exe.exe
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-MOD IV Real_is1 - c:\users\chris\Downloads\Grand Theft Auto IV\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files (x86)\Winstep\WsxService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1603361053-3026612082-3934202709-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:18,11,60,43,23,da,c7,cc,c0,4e,71,57,4d,2c,16,f8,5f,3d,66,49,f4,51,4a,
08,52,91,87,8d,23,ed,c7,4f,6d,6f,a6,7c,34,5c,54,7a,9d,06,f1,d7,de,38,3d,7d,\
"??"=hex:46,53,9f,8d,bf,e8,21,88,8b,87,74,3c,a7,d0,0d,5c
.
[HKEY_USERS\S-1-5-21-1603361053-3026612082-3934202709-1000\Software\SecuROM\License information*]
"datasecu"=hex:07,8b,70,d9,82,90,ae,e1,14,e0,97,0d,27,a4,30,76,91,aa,0b,5b,d2,
47,d4,e1,12,ce,ce,9e,4a,0d,46,29,29,78,7e,dc,d7,af,d0,3d,5a,a2,91,8d,ea,b4,\
"rkeysecu"=hex:d5,0a,00,ca,1b,08,d1,37,73,63,d9,18,24,95,b8,5f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\windows\SysWOW64\UAService7.exe
c:\program files (x86)\Winstep\WsxService.exe
.
**************************************************************************
.
Completion time: 2011-08-06 14:10:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-06 18:10
.
Pre-Run: 796,409,204,736 bytes free
Post-Run: 796,309,487,616 bytes free
.
- - End Of File - - 794136CFDC560974B6C80324D616FEAE
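Added example, not from the thread or from ComboFix itself: a Python triage pass over the loading-point lines in the log above, flagging what the replies are reacting to (an autorun under AppData with no timestamp, UAC switched off, a driver loading from Temp, AppInit DLL loading enabled, and a per-user proxy pointing at a routable address). The `triage` function and finding labels are my own naming; the log excerpt is constructed from lines on this page.

```python
import ipaddress
import re

# Constructed excerpt: lines copied from the ComboFix log above, reduced to the
# sections a reviewer reads first (Run keys, UAC policy, drivers, AppInit, proxy).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft? Windows? Operating System"="c:\users\chris\AppData\Roaming\Microsoft\Protect\Credentials\audiodgi.exe" [?]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
R3 GPUTool;GPUTool;c:\users\chris\AppData\Local\Temp\GPUTool.sys [x]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
uInternet Settings,ProxyServer = 67.159.52.76:8080
"""

USER_WRITABLE = ("\\appdata\\", "\\temp\\")  # paths any user process can write to
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>[^\[]+)")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<host>[^:\s]+):(?P<port>\d+)")


def is_external(host):
    # Private/loopback proxies are normal in offices; a routable address is not.
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:  # a hostname rather than an IP: cannot classify, review it
        return True


def triage(log_text):
    """Return (finding, name, value) tuples for the red flags in a ComboFix excerpt."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group("key").lower()  # remember which hive key the values belong to
        elif (m := SERVICE_RE.match(line)) and "\\temp\\" in m.group("path").lower():
            findings.append(("driver_from_temp", m.group("name"), m.group("path").strip()))
        elif (m := PROXY_RE.search(line)) and is_external(m.group("host")):
            findings.append(("external_proxy", "ProxyServer", f"{m.group('host')}:{m.group('port')}"))
        elif m := VALUE_RE.match(line):
            name, data = m.group("name"), m.group("data").strip()
            if key.endswith("\\run"):
                path = data.split('"')[1] if data.startswith('"') else data
                # "[?]" means ComboFix could not stat the file; a profile path is a red flag too
                if data.endswith("[?]") or any(p in path.lower() for p in USER_WRITABLE):
                    findings.append(("autorun_user_path", name, path))
            elif key.endswith("policies\\system") and data.startswith("0"):
                if name == "EnableLUA":
                    findings.append(("uac_disabled", name, data))
                elif name == "ConsentPromptBehaviorAdmin":
                    findings.append(("silent_elevation", name, data))
            elif name == "LoadAppInit_DLLs" and data.lower() in ("0x1", "1"):
                findings.append(("appinit_dlls_enabled", name, data))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Legitimate per-user software (Google Update, for instance) also lives under AppData, so the autorun finding is a prompt to look at the file, not a verdict on its own.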
 
Looks like Combofix found and deleted a bunch of suspicious files out of your user profile folder and out of your windows folder.

I hope I didn't miss it but I don't think I saw a firewall running. Do you have one?
 
Windows firewall doesn't catch outgoing connections. I would recommend a third party firewall, it would have blocked those trojans from phoning home. (That is if you react accordingly to the alerts.)
 

Wrong. Windows 7 does detect incoming and outgoing connections. It will block them as well. Vista will detect but not block outgoing connections. XP will only detect incoming. A 3rd party firewall is nowhere near needed at all.

You were highly infected. You were not hacked at all, you are just infected to the gills with bad stuff. It wasn't hard for someone to take control when you basically handed it to them. You need a better active scanner.
 
Do you have any suggestions? Really appreciate the help by the way :)
 
Suggestions for what? To clean your system or for better protection? I can tell that something is amiss because it replaced a file called winver, which means that either you tried to hack your OS or you did something else to it to try and hide something. That file should never be touched for any reason. I can say that none of the uses for changing that file are really legal. The only one I've seen is when people try to replace it so that it reads Windows 8 instead of Windows 7. But that is just a gimmick because the rest of the information gives it away.

So I don't know what you're trying to get help with because I don't know for sure that the version you are running is completely legal. But you need to go through the Spyware Asylum for sure and do a thorough cleaning.
 